Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
sniatsr.zip

Overview

General Information

Sample name:sniatsr.zip
Analysis ID:1640819
MD5:d7c0e0604a196f93fee1c4e90ed01c7d
SHA1:00c2707c231e9a9d0915007cac5f9eb86e0484c3
SHA256:36e2f45f708f07300e6fae8a5eeef85b3d4850e043616665e65bbe79d0192ca7
Infos:

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

Multi AV Scanner detection for dropped file
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains sections with non-standard names

Classification

Process Tree

  • System is w10x64_ra
  • rundll32.exe (PID: 6264 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • firefox.exe (PID: 6384 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 6404 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 6612 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7eb6157-f027-4388-a907-6b35217329f1} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 2b07256ed10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 4360 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4048 -parentBuildID 20230927232528 -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 25481 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f72bc4a-2e43-4b96-a3b4-bcb4d18e063d} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 2b004f92110 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 548 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5264 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5220 -prefMapHandle 5248 -prefsLen 33093 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {523061e7-fae6-40f8-8215-03206ea077c4} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 2b005da2910 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • chrome.exe (PID: 6664 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --loadload-extension=C:\Windows\crx MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 7024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,885814846529338984,14222650655154050318,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2140 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • 7zG.exe (PID: 8028 cmdline: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\" -an -ai#7zMap18132:70:7zEvent24597 MD5: 50F289DF0C19484E970849AAC4E6F977)
  • cmd.exe (PID: 5908 cmdline: "C:\Windows\system32\cmd.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 3416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • sniatsr.exe (PID: 684 cmdline: sniatsr.exe MD5: AB2DDC779E4C638047603FF345B874A7)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for dropped file
Source: C:\Users\user\Desktop\WWStartupCtrl64.dllReversingLabs: Detection: 33%
Source: unknownHTTPS traffic detected: 142.250.184.196:443 -> 192.168.2.16:49699 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.184.196:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.184.196:443 -> 192.168.2.16:49702 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.184.196:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.184.196:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.184.196:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.184.196:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.184.196:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49751 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49753 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49777 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49778 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.129.91:443 -> 192.168.2.16:49780 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.129.91:443 -> 192.168.2.16:49783 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49784 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49785 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49786 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49787 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49788 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49795 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49796 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49797 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49799 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49798 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49800 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49801 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49803 version: TLS 1.2
Source: Binary string: UxTheme.pdb source: firefox.exe, 00000002.00000003.1353631369.000002B00D46E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305610663.000002B00D46E000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: rsaenh.pdb source: firefox.exe, 00000002.00000003.1299312071.000002B00D9FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1349822266.000002B00D9FB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wininet.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: UMPDC.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: xWindows.Security.Integrity.pdb source: firefox.exe, 00000002.00000003.1290233744.000002B07F5F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1292177688.000002B07F563000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1344527212.000002B07F5F1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winsta.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: rpcrt4.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: bcrypt.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ktmw32.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: WscApi.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wshbth.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000002.00000003.1330967429.000002B011B57000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1359127783.000002B011B66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcrt.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 00000002.00000003.1358016445.000002B011BBA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: xul.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: shcore.pdb source: firefox.exe, 00000002.00000003.1353238895.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305054913.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nssckbi.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mozglue.pdb source: firefox.exe, 00000002.00000003.1354498882.000002B00D37C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305610663.000002B00D423000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dcomp.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winnsi.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: cryptsp.pdb source: firefox.exe, 00000002.00000003.1299312071.000002B00D9FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1349822266.000002B00D9FB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: UxTheme.pdbP4 source: firefox.exe, 00000002.00000003.1353631369.000002B00D46E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305610663.000002B00D46E000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: shell32.pdb source: firefox.exe, 00000002.00000003.1353631369.000002B00D46E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353238895.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305610663.000002B00D46E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305054913.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: sspicli.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ntmarta.pdb source: firefox.exe, 00000002.00000003.1353631369.000002B00D46E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305610663.000002B00D46E000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: CLBCatQ.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: urlmon.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: crypt32.pdb0 source: firefox.exe, 00000002.00000003.1305610663.000002B00D423000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000002.00000003.1330967429.000002B011B57000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1359127783.000002B011B66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: dnsapi.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: userenv.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: shlwapi.pdb source: firefox.exe, 00000002.00000003.1353238895.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305054913.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nlaapi.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winhttp.pdb source: firefox.exe, 00000002.00000003.1299312071.000002B00D9FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1349822266.000002B00D9FB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msimg32.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ntasn1.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: win32u.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: devobj.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: d3d11.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dwmapi.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: firefox.pdb source: firefox.exe, 00000002.00000003.1354498882.000002B00D37C000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dbghelp.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: srvcli.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: imm32.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: freebl3.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: webauthn.pdb source: firefox.exe, 00000002.00000003.1358016445.000002B011BBA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: profapi.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: gdi32.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ws2_32.pdb source: firefox.exe, 00000002.00000003.1353238895.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305054913.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: avrt.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: WLDP.pdb source: firefox.exe, 00000002.00000003.1353238895.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305054913.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mswsock.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: sechost.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nsi.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: propsys.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.dr
Source: Binary string: winmm.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winrnr.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msctf.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: version.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ole32.pdb source: firefox.exe, 00000002.00000003.1353238895.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305054913.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dbgcore.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mscms.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: user32.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: twinapi.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msasn1.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.dr
Source: Binary string: psapi.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: cryptsp.pdbnav-back-shortcut-alt source: firefox.exe, 00000002.00000003.1349822266.000002B00D9FB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: DWrite.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: firefox.exe, 00000002.00000003.1354498882.000002B00D37C000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: combase.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\src-aliim-store\qintao\IMClient-RV\symbol\Release\wwst64.pdb source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe, 0000001A.00000000.1413623563.00007FF62137E000.00000002.00000001.01000000.00000011.sdmp, sniatsr.exe.12.dr
Source: Binary string: dxgi.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nss3.pdb source: firefox.exe, 00000002.00000003.1353238895.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305054913.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ncrypt.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wsock32.pdb source: firefox.exe, 00000002.00000003.1353238895.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305054913.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: crypt32.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: firefox.exeMemory has grown: Private usage: 1MB later: 263MB
Source: unknownNetwork traffic detected: DNS query count 35
Source: Joe Sandbox ViewIP Address: 151.101.129.91 151.101.129.91
Source: Joe Sandbox ViewIP Address: 34.49.51.44 34.49.51.44
Source: Joe Sandbox ViewIP Address: 34.117.188.166 34.117.188.166
Source: Joe Sandbox ViewIP Address: 2.22.61.56 2.22.61.56
Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKLast-Modified: Wed, 12 Mar 2025 04:19:28 GMTETag: 85430baed3398695717b0263807cf97cContent-Length: 453023Accept-Ranges: bytesX-Timestamp: 1741753167.65917Content-Type: application/zipX-Trans-Id: tx8010bf916ad24497ab4a8-0067d34aa4dfw1Cache-Control: public, max-age=158475Expires: Wed, 19 Mar 2025 14:00:58 GMTDate: Mon, 17 Mar 2025 17:59:43 GMTConnection: keep-aliveData Raw: 50 4b 03 04 14 00 00 00 08 00 cd 8d 62 4e d0 b9 df e8 52 e8 06 00 d0 97 0f 00 0f 00 00 00 67 6d 70 6f 70 65 6e 68 32 36 34 2e 64 6c 6c ec bd 0b 7c 14 45 b6 30 de 3d 99 84 49 98 a4 07 8c 18 31 c2 e8 ce ea 34 66 31 71 e3 9a 60 d4 e9 d0 93 f4 e0 04 c2 d3 80 88 71 a3 b9 a0 08 11 27 2b b8 10 08 93 68 2a 6d 7b d9 bb 7a d7 dd 6f 5f ff 7b 77 ef dd e7 c5 bd ee f2 d0 95 cc 24 92 07 28 24 41 21 c0 8a 11 7c 4c 18 81 00 42 26 41 32 ff 73 aa 7b 9e 04 44 64 f7 ff dd ff f7 f1 63 d2 55 d5 55 e7 d4 39 75 ce a9 53 a7 aa bb 4b 16 6c 60 12 18 86 d1 c3 2f 18 64 98 2d 8c fa cf c6 7c f9 bf 00 fc d2 26 be 9e c6 fc 39 f9 9d 9b b6 b0 ce 77 6e 9a b3 78 c9 d3 e6 aa 15 cb ff 69 c5 23 4f 9a 2b 1e 59 b6 6c b9 cb fc dd c7 cc 2b aa 97 99 97 2c 33 8b 33 66 9b 9f 5c fe e8 63 93 53 53 53 2c 1a 8c e9 d2 cf b7 a4 f0 fd fe d0 ef b1 92 cf 8f 4e a4 d7 d3 47 47 d1 eb 99 a3 ff 46 af 27 8f 26 d3 3a 27 fd 4b e0 5a 26 9c 3e 9a 40 af 67 8e de 4d af 9f 1f 4d d7 60 fc 13 fc 2a 84 fe a3 a3 e9 f5 14 bd ce 5a 52 b1 18 ef 85 fa 5e 6a 67 98 47 9f 4b 62 8e 6f 7e 76 61 a8 ac 9f b9 d9 3c 5a 97 c6 31 2e 23 c3 8c 4f a0 65 19 99 a3 19 c6 44 93 eb 58 fc 8b 69 1d c3 24 69 6d 42 57 c6 c3 51 26 be ba c1 04 b7 cb d9 50 a3 d0 e5 c2 bc 9a 2c 4d e4 98 2c a8 bd 3a 89 63 ac d1 cc 2d e5 98 0d 12 5c 9f e5 98 ce 1b e1 fa 2a c7 d4 01 8a ce 2d 69 cc 9c 4b 8c 49 f6 d6 34 86 61 a3 0a 36 18 99 2a dd c5 eb 4f 76 3d b6 d2 05 57 cb d3 46 b5 43 48 bb 3e b6 8e 99 61 ca 27 af 78 f4 11 d7 23 40 66 8d 8e c2 64 d6 c1 75 a5 31 a6 9e 0d fe 4f 56 ab 31 6f 7d 1b 09 84 0e 67 c2 35 90 16 5f cf 33 b9 4a ad 48 69 04 5a 99 69 70 4d e7 2e 84 b7 62 b9 5a 11 86 81 f9 25 dc 47 94 8b 46 aa f7 d8 d2 e5 15 0c e5 11 f2 8a d2 f2 f8 05 f5 0a 2f ce 89 ff 33 ff 71 9b d9 4a af c7 d0 f2 b6 f6 6f de 03 b3 25 f7 67 d9 4e d2 2a 91 7d 12 d9 29 c9 33 0d 4e 25 f1 21 b7 91 71 2a a9 0b e0 e2 eb b8 8b 81 b4 f1 5e 49 9e 6d 90 c8 7e 07 09 f8 36 dd 85 23 e9 7e 2b fb c1 87 17 85 41 d1 7f 12 49 5d 72 03 c7 e4 78 b4 e2 b9 2a 82 3c 49 59 6a c9 96 da ec cc 70 30 18 8c 60 53 ae 4d 40 14 45 f7 8f 66 ea 3d ae 3b 21 cf 40 1e b0 f8 be 0d 45 c4 bb 05 45 bb be a3 fa 9e ad 1b 20 e1 9b 9c 30 1a 6e da 03 12 f1 4a 64 c8 b7 1c 64 d2 7f fd d6 06 bc 75 4d ec 2d 94 71 49 c6 6c 52 8e 07 7a 9a 07 3d 7d a8 a5 72 83 44 e6 58 4c 5a a7 ac 92 f2 78 b6 24 97 04 7c 63 a1 31 d2 63 55 6b 4d e6 26 d6 51 6e 5d ac fe 61 5d 74 fd 68 fa a1 2a d4 b4 21 b9 36 20 37 80 e4 4a 64 af 44 76 4b 4a 22 57 67 64 2a 25 6e 99 07 d2 bf 77 ab e9 f6 4a 6e 69 fb 69 6e 6d 72 9b 40 4d 85 24 27 5a c7 73 8c 04 ec 18 23 29 25 Data Ascii: PKbNRgmpopenh264.dll|E0=I14f1q`
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKLast-Modified: Wed, 12 Mar 2025 04:19:28 GMTETag: 85430baed3398695717b0263807cf97cContent-Length: 453023Accept-Ranges: bytesX-Timestamp: 1741753167.65917Content-Type: application/zipX-Trans-Id: tx8010bf916ad24497ab4a8-0067d34aa4dfw1Cache-Control: public, max-age=158475Expires: Wed, 19 Mar 2025 14:00:58 GMTDate: Mon, 17 Mar 2025 17:59:43 GMTConnection: keep-aliveData Raw: 50 4b 03 04 14 00 00 00 08 00 cd 8d 62 4e d0 b9 df e8 52 e8 06 00 d0 97 0f 00 0f 00 00 00 67 6d 70 6f 70 65 6e 68 32 36 34 2e 64 6c 6c ec bd 0b 7c 14 45 b6 30 de 3d 99 84 49 98 a4 07 8c 18 31 c2 e8 ce ea 34 66 31 71 e3 9a 60 d4 e9 d0 93 f4 e0 04 c2 d3 80 88 71 a3 b9 a0 08 11 27 2b b8 10 08 93 68 2a 6d 7b d9 bb 7a d7 dd 6f 5f ff 7b 77 ef dd e7 c5 bd ee f2 d0 95 cc 24 92 07 28 24 41 21 c0 8a 11 7c 4c 18 81 00 42 26 41 32 ff 73 aa 7b 9e 04 44 64 f7 ff dd ff f7 f1 63 d2 55 d5 55 e7 d4 39 75 ce a9 53 a7 aa bb 4b 16 6c 60 12 18 86 d1 c3 2f 18 64 98 2d 8c fa cf c6 7c f9 bf 00 fc d2 26 be 9e c6 fc 39 f9 9d 9b b6 b0 ce 77 6e 9a b3 78 c9 d3 e6 aa 15 cb ff 69 c5 23 4f 9a 2b 1e 59 b6 6c b9 cb fc dd c7 cc 2b aa 97 99 97 2c 33 8b 33 66 9b 9f 5c fe e8 63 93 53 53 53 2c 1a 8c e9 d2 cf b7 a4 f0 fd fe d0 ef b1 92 cf 8f 4e a4 d7 d3 47 47 d1 eb 99 a3 ff 46 af 27 8f 26 d3 3a 27 fd 4b e0 5a 26 9c 3e 9a 40 af 67 8e de 4d af 9f 1f 4d d7 60 fc 13 fc 2a 84 fe a3 a3 e9 f5 14 bd ce 5a 52 b1 18 ef 85 fa 5e 6a 67 98 47 9f 4b 62 8e 6f 7e 76 61 a8 ac 9f b9 d9 3c 5a 97 c6 31 2e 23 c3 8c 4f a0 65 19 99 a3 19 c6 44 93 eb 58 fc 8b 69 1d c3 24 69 6d 42 57 c6 c3 51 26 be ba c1 04 b7 cb d9 50 a3 d0 e5 c2 bc 9a 2c 4d e4 98 2c a8 bd 3a 89 63 ac d1 cc 2d e5 98 0d 12 5c 9f e5 98 ce 1b e1 fa 2a c7 d4 01 8a ce 2d 69 cc 9c 4b 8c 49 f6 d6 34 86 61 a3 0a 36 18 99 2a dd c5 eb 4f 76 3d b6 d2 05 57 cb d3 46 b5 43 48 bb 3e b6 8e 99 61 ca 27 af 78 f4 11 d7 23 40 66 8d 8e c2 64 d6 c1 75 a5 31 a6 9e 0d fe 4f 56 ab 31 6f 7d 1b 09 84 0e 67 c2 35 90 16 5f cf 33 b9 4a ad 48 69 04 5a 99 69 70 4d e7 2e 84 b7 62 b9 5a 11 86 81 f9 25 dc 47 94 8b 46 aa f7 d8 d2 e5 15 0c e5 11 f2 8a d2 f2 f8 05 f5 0a 2f ce 89 ff 33 ff 71 9b d9 4a af c7 d0 f2 b6 f6 6f de 03 b3 25 f7 67 d9 4e d2 2a 91 7d 12 d9 29 c9 33 0d 4e 25 f1 21 b7 91 71 2a a9 0b e0 e2 eb b8 8b 81 b4 f1 5e 49 9e 6d 90 c8 7e 07 09 f8 36 dd 85 23 e9 7e 2b fb c1 87 17 85 41 d1 7f 12 49 5d 72 03 c7 e4 78 b4 e2 b9 2a 82 3c 49 59 6a c9 96 da ec cc 70 30 18 8c 60 53 ae 4d 40 14 45 f7 8f 66 ea 3d ae 3b 21 cf 40 1e b0 f8 be 0d 45 c4 bb 05 45 bb be a3 fa 9e ad 1b 20 e1 9b 9c 30 1a 6e da 03 12 f1 4a 64 c8 b7 1c 64 d2 7f fd d6 06 bc 75 4d ec 2d 94 71 49 c6 6c 52 8e 07 7a 9a 07 3d 7d a8 a5 72 83 44 e6 58 4c 5a a7 ac 92 f2 78 b6 24 97 04 7c 63 a1 31 d2 63 55 6b 4d e6 26 d6 51 6e 5d ac fe 61 5d 74 fd 68 fa a1 2a d4 b4 21 b9 36 20 37 80 e4 4a 64 af 44 76 4b 4a 22 57 67 64 2a 25 6e 99 07 d2 bf 77 ab e9 f6 4a 6e 69 fb 69 6e 6d 72 9b 40 4d 85 24 27 5a c7 73 8c 04 ec 18 23 29 25 Data Ascii: PKbNRgmpopenh264.dll|E0=I14f1q`
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKLast-Modified: Wed, 12 Mar 2025 04:19:28 GMTETag: 85430baed3398695717b0263807cf97cContent-Length: 453023Accept-Ranges: bytesX-Timestamp: 1741753167.65917Content-Type: application/zipX-Trans-Id: tx8010bf916ad24497ab4a8-0067d34aa4dfw1Cache-Control: public, max-age=158475Expires: Wed, 19 Mar 2025 14:00:58 GMTDate: Mon, 17 Mar 2025 17:59:43 GMTConnection: keep-aliveData Raw: 50 4b 03 04 14 00 00 00 08 00 cd 8d 62 4e d0 b9 df e8 52 e8 06 00 d0 97 0f 00 0f 00 00 00 67 6d 70 6f 70 65 6e 68 32 36 34 2e 64 6c 6c ec bd 0b 7c 14 45 b6 30 de 3d 99 84 49 98 a4 07 8c 18 31 c2 e8 ce ea 34 66 31 71 e3 9a 60 d4 e9 d0 93 f4 e0 04 c2 d3 80 88 71 a3 b9 a0 08 11 27 2b b8 10 08 93 68 2a 6d 7b d9 bb 7a d7 dd 6f 5f ff 7b 77 ef dd e7 c5 bd ee f2 d0 95 cc 24 92 07 28 24 41 21 c0 8a 11 7c 4c 18 81 00 42 26 41 32 ff 73 aa 7b 9e 04 44 64 f7 ff dd ff f7 f1 63 d2 55 d5 55 e7 d4 39 75 ce a9 53 a7 aa bb 4b 16 6c 60 12 18 86 d1 c3 2f 18 64 98 2d 8c fa cf c6 7c f9 bf 00 fc d2 26 be 9e c6 fc 39 f9 9d 9b b6 b0 ce 77 6e 9a b3 78 c9 d3 e6 aa 15 cb ff 69 c5 23 4f 9a 2b 1e 59 b6 6c b9 cb fc dd c7 cc 2b aa 97 99 97 2c 33 8b 33 66 9b 9f 5c fe e8 63 93 53 53 53 2c 1a 8c e9 d2 cf b7 a4 f0 fd fe d0 ef b1 92 cf 8f 4e a4 d7 d3 47 47 d1 eb 99 a3 ff 46 af 27 8f 26 d3 3a 27 fd 4b e0 5a 26 9c 3e 9a 40 af 67 8e de 4d af 9f 1f 4d d7 60 fc 13 fc 2a 84 fe a3 a3 e9 f5 14 bd ce 5a 52 b1 18 ef 85 fa 5e 6a 67 98 47 9f 4b 62 8e 6f 7e 76 61 a8 ac 9f b9 d9 3c 5a 97 c6 31 2e 23 c3 8c 4f a0 65 19 99 a3 19 c6 44 93 eb 58 fc 8b 69 1d c3 24 69 6d 42 57 c6 c3 51 26 be ba c1 04 b7 cb d9 50 a3 d0 e5 c2 bc 9a 2c 4d e4 98 2c a8 bd 3a 89 63 ac d1 cc 2d e5 98 0d 12 5c 9f e5 98 ce 1b e1 fa 2a c7 d4 01 8a ce 2d 69 cc 9c 4b 8c 49 f6 d6 34 86 61 a3 0a 36 18 99 2a dd c5 eb 4f 76 3d b6 d2 05 57 cb d3 46 b5 43 48 bb 3e b6 8e 99 61 ca 27 af 78 f4 11 d7 23 40 66 8d 8e c2 64 d6 c1 75 a5 31 a6 9e 0d fe 4f 56 ab 31 6f 7d 1b 09 84 0e 67 c2 35 90 16 5f cf 33 b9 4a ad 48 69 04 5a 99 69 70 4d e7 2e 84 b7 62 b9 5a 11 86 81 f9 25 dc 47 94 8b 46 aa f7 d8 d2 e5 15 0c e5 11 f2 8a d2 f2 f8 05 f5 0a 2f ce 89 ff 33 ff 71 9b d9 4a af c7 d0 f2 b6 f6 6f de 03 b3 25 f7 67 d9 4e d2 2a 91 7d 12 d9 29 c9 33 0d 4e 25 f1 21 b7 91 71 2a a9 0b e0 e2 eb b8 8b 81 b4 f1 5e 49 9e 6d 90 c8 7e 07 09 f8 36 dd 85 23 e9 7e 2b fb c1 87 17 85 41 d1 7f 12 49 5d 72 03 c7 e4 78 b4 e2 b9 2a 82 3c 49 59 6a c9 96 da ec cc 70 30 18 8c 60 53 ae 4d 40 14 45 f7 8f 66 ea 3d ae 3b 21 cf 40 1e b0 f8 be 0d 45 c4 bb 05 45 bb be a3 fa 9e ad 1b 20 e1 9b 9c 30 1a 6e da 03 12 f1 4a 64 c8 b7 1c 64 d2 7f fd d6 06 bc 75 4d ec 2d 94 71 49 c6 6c 52 8e 07 7a 9a 07 3d 7d a8 a5 72 83 44 e6 58 4c 5a a7 ac 92 f2 78 b6 24 97 04 7c 63 a1 31 d2 63 55 6b 4d e6 26 d6 51 6e 5d ac fe 61 5d 74 fd 68 fa a1 2a d4 b4 21 b9 36 20 37 80 e4 4a 64 af 44 76 4b 4a 22 57 67 64 2a 25 6e 99 07 d2 bf 77 ab e9 f6 4a 6e 69 fb 69 6e 6d 72 9b 40 4d 85 24 27 5a c7 73 8c 04 ec 18 23 29 25 Data Ascii: PKbNRgmpopenh264.dll|E0=I14f1q`
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLbgygE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8NP2y291iiPDmfAN0GV3dvCuqlYA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /time/1/current?cup2key=8:sp1dzjMbQJnvBJ18rUlo2rHGH00TyifxoZNniyyRdDs&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1Host: clients2.google.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1Host: ciscobinary.openh264.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 00000002.00000003.1287110650.000002B0032EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000002.00000003.1281144759.000002B07F460000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
Source: firefox.exe, 00000002.00000003.1336299598.000002B0023F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: +www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000002.00000003.1164912662.000002B07F578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Wikipedia&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Reddit&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Twitter&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
Source: firefox.exe, 00000002.00000003.1626824235.000002B00265B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000002.00000003.1410726084.000002B004FC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1311961724.000002B004FC3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
Source: firefox.exe, 00000002.00000003.1177164097.000002B00D966000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1248591690.000002B07DEFE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000002.00000003.1177164097.000002B00D966000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1248591690.000002B07DEFE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1256044109.000002B005185000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000002.00000003.1354498882.000002B00D36D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1626824235.000002B00265B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000002.00000003.1410726084.000002B004FC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1311961724.000002B004FC3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ["www.facebook.com","facebook.com"] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ["www.youtube.com","youtube.com"] equals www.youtube.com (Youtube)
Source: firefox.exe, 00000002.00000003.1167084557.000002B00D4C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000002.00000003.1167084557.000002B00D4C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: browser.startup.upgradeDialog.pinPBM.disabledmr2022-onboarding-mobile-download-titlemr2022-onboarding-privacy-segmentation-image-altchrome://browser/content/cfr-lightning.svg["www.youtube.com","youtube.com"]chrome://browser/content/cfr-lightning-dark.svgresource://gre/modules/AppConstants.sys.mjsmr2022-onboarding-mobile-download-image-altmr2022-onboarding-mobile-download-cta-textmr2022-onboarding-mobile-download-subtitleresource://gre/modules/XPCOMUtils.sys.mjsdefault-browser-notification-messageetp-promotions?as=u&utm_source=inproductresource://nimbus/ExperimentAPI.sys.mjsmr2022-onboarding-pin-primary-button-labelmr2022-onboarding-secondary-skip-button-labelmr2022-onboarding-default-image-altmr2022-onboarding-import-image-altcfr-doorhanger-milestone-close-buttonmr2022-onboarding-pin-private-image-altresource://gre/modules/BrowserUtils.sys.mjs["www.facebook.com","facebook.com"]mr2022-onboarding-existing-pin-checkbox-labeldefault-browser-notification-buttonchrome://global/skin/icons/search-glass.svgservices.sync.clients.devices.mobilemr2022-onboarding-existing-pin-headermr2022-onboarding-existing-pin-subtitlemr2022-onboarding-set-default-titleresource:///modules/ShellService.sys.mjs["www.wikipedia.org","wikipedia.org"]mr2022-onboarding-set-default-subtitlefluent:about-private-browsing-focus-promo-ctachrome://browser/content/assets/klar-qr-code.svgmr2022-onboarding-privacy-segmentation-subtitlechrome://browser/content/assets/focus-logo.svgScan the QR code to get Firefox Klarbrowser.privateWindowSeparation.enabled!inMr2022Holdback && doesAppNeedPrivatePincookiebanners.service.mode.privateBrowsingtracking-protection-icon-containeronboarding-start-browsing-button-label_shouldShowPrivacySegmentationScreenfluent:about-private-browsing-pin-promo-headerfluent:about-private-browsing-pin-promo-titlemr2022-onboarding-privacy-segmentation-titlemr2022-onboarding-gratitude-image-altmr2022-onboarding-gratitude-primary-button-labelfluent:about-private-browsing-learn-more-linkmr2022-onboarding-gratitude-titlefeltPrivacyShowPreferencesSectionmr2022-onboarding-get-started-primary-subtitlebrowser.firefox-view.feature-tour | length - 1] == null || messageImpressions.mr2022-onboarding-privacy-segmentation-text-ctabrowser.dataFeatureRecommendations.enabledfx100-thank-you-pin-primary-button-labelmr2022-onboarding-gratitude-subtitlebrowser.shell.checkDefaultBrowser | regExpMatch('(?<=complete":)(.*)(?=})')fluent:about-private-browsing-focus-promo-text-c | regExpMatch('(?<=screen"s*:)s*"(mr2022-onboarding-no-mobile-download-cta-textchrome://browser/content/assets/focus-promo.pngfirefoxview-spotlight-promo-titlecallout-firefox-view-tab-pickup-titlecallout-firefox-view-tab-pickup-subtitlechrome://browser/content/callout-tab-pickup.svgcallout-primary-advance-button-labelcallout-firefox-view-recently-closed-titlecallout-firefox-view-recently-closed-subtitlecallout-primary-complete-button-labelbound _onExperimentEnrollmentsUpdatedresource://gre/modules/XPCOMUtils.sys.mjsfirefox
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: browser.startup.upgradeDialog.pinPBM.disabledmr2022-onboarding-mobile-download-titlemr2022-onboarding-privacy-segmentation-image-altchrome://browser/content/cfr-lightning.svg["www.youtube.com","youtube.com"]chrome://browser/content/cfr-lightning-dark.svgresource://gre/modules/AppConstants.sys.mjsmr2022-onboarding-mobile-download-image-altmr2022-onboarding-mobile-download-cta-textmr2022-onboarding-mobile-download-subtitleresource://gre/modules/XPCOMUtils.sys.mjsdefault-browser-notification-messageetp-promotions?as=u&utm_source=inproductresource://nimbus/ExperimentAPI.sys.mjsmr2022-onboarding-pin-primary-button-labelmr2022-onboarding-secondary-skip-button-labelmr2022-onboarding-default-image-altmr2022-onboarding-import-image-altcfr-doorhanger-milestone-close-buttonmr2022-onboarding-pin-private-image-altresource://gre/modules/BrowserUtils.sys.mjs["www.facebook.com","facebook.com"]mr2022-onboarding-existing-pin-checkbox-labeldefault-browser-notification-buttonchrome://global/skin/icons/search-glass.svgservices.sync.clients.devices.mobilemr2022-onboarding-existing-pin-headermr2022-onboarding-existing-pin-subtitlemr2022-onboarding-set-default-titleresource:///modules/ShellService.sys.mjs["www.wikipedia.org","wikipedia.org"]mr2022-onboarding-set-default-subtitlefluent:about-private-browsing-focus-promo-ctachrome://browser/content/assets/klar-qr-code.svgmr2022-onboarding-privacy-segmentation-subtitlechrome://browser/content/assets/focus-logo.svgScan the QR code to get Firefox Klarbrowser.privateWindowSeparation.enabled!inMr2022Holdback && doesAppNeedPrivatePincookiebanners.service.mode.privateBrowsingtracking-protection-icon-containeronboarding-start-browsing-button-label_shouldShowPrivacySegmentationScreenfluent:about-private-browsing-pin-promo-headerfluent:about-private-browsing-pin-promo-titlemr2022-onboarding-privacy-segmentation-titlemr2022-onboarding-gratitude-image-altmr2022-onboarding-gratitude-primary-button-labelfluent:about-private-browsing-learn-more-linkmr2022-onboarding-gratitude-titlefeltPrivacyShowPreferencesSectionmr2022-onboarding-get-started-primary-subtitlebrowser.firefox-view.feature-tour | length - 1] == null || messageImpressions.mr2022-onboarding-privacy-segmentation-text-ctabrowser.dataFeatureRecommendations.enabledfx100-thank-you-pin-primary-button-labelmr2022-onboarding-gratitude-subtitlebrowser.shell.checkDefaultBrowser | regExpMatch('(?<=complete":)(.*)(?=})')fluent:about-private-browsing-focus-promo-text-c | regExpMatch('(?<=screen"s*:)s*"(mr2022-onboarding-no-mobile-download-cta-textchrome://browser/content/assets/focus-promo.pngfirefoxview-spotlight-promo-titlecallout-firefox-view-tab-pickup-titlecallout-firefox-view-tab-pickup-subtitlechrome://browser/content/callout-tab-pickup.svgcallout-primary-advance-button-labelcallout-firefox-view-recently-closed-titlecallout-firefox-view-recently-closed-subtitlecallout-primary-complete-button-labelbound _onExperimentEnrollmentsUpdatedresource://gre/modules/XPCOMUtils.sys.mjsfirefox
Source: firefox.exe, 00000002.00000003.1177164097.000002B00D966000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1248591690.000002B07DEFE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000002.00000003.1177164097.000002B00D966000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1248591690.000002B07DEFE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1256044109.000002B005185000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000002.00000003.1537449739.000002B00C6D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1401619784.000002B00C6D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8A03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000002.00000003.1537449739.000002B00C6D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1401619784.000002B00C6D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8A03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000002.00000003.1537449739.000002B00C6D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1401619784.000002B00C6D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8A03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000010.00000002.2304136523.000001E2CE00C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/h equals www.facebook.com (Facebook)
Source: firefox.exe, 00000010.00000002.2304136523.000001E2CE00C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/h equals www.twitter.com (Twitter)
Source: firefox.exe, 00000010.00000002.2304136523.000001E2CE00C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/h equals www.youtube.com (Youtube)
Source: firefox.exe, 00000002.00000003.1281144759.000002B07F460000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1609809333.000002B0037CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: moz-extension://06836808-3da5-4b66-93b7-b66b1a840a96/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 00000002.00000003.1354498882.000002B00D36D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1789393434.000002B003099000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1618814783.000002B00307F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000002.00000003.1410096155.000002B004FFA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1257252095.000002B004FA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1434215150.000002B004EE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000002.00000003.1308206053.000002B00CBAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 00000002.00000003.1613887497.000002B0033E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1616478656.000002B003334000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: contile.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: spocs.getpocket.com
Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: www.facebook.com
Source: global trafficDNS traffic detected: DNS query: www.youtube.com
Source: global trafficDNS traffic detected: DNS query: www.wikipedia.org
Source: global trafficDNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global trafficDNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global trafficDNS traffic detected: DNS query: dyna.wikimedia.org
Source: global trafficDNS traffic detected: DNS query: www.reddit.com
Source: global trafficDNS traffic detected: DNS query: twitter.com
Source: global trafficDNS traffic detected: DNS query: reddit.map.fastly.net
Source: global trafficDNS traffic detected: DNS query: apis.google.com
Source: global trafficDNS traffic detected: DNS query: example.org
Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
Source: global trafficDNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global trafficDNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: play.google.com
Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: shavar.prod.mozaws.net
Source: global trafficDNS traffic detected: DNS query: push.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
Source: global trafficDNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global trafficDNS traffic detected: DNS query: normandy.tombstone.experimenter.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: a19.dscg10.akamai.net
Source: global trafficDNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global trafficDNS traffic detected: DNS query: beacons.gvt2.com
Source: unknownHTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 899sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-mobile: ?0Accept: */*Origin: chrome-untrusted://new-tab-pageX-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: firefox.exe, 00000002.00000003.1626824235.000002B00265B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1539009733.000002B005D9C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1539009733.000002B005DA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1170358491.000002B00D428000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 00000002.00000003.1615649118.000002B00335D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
Source: firefox.exe, 00000002.00000003.1615649118.000002B00335D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
Source: firefox.exe, 00000002.00000003.1615649118.000002B00335D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
Source: firefox.exe, 00000002.00000003.1615649118.000002B00335D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
Source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 00000002.00000003.1168671028.000002B0034B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: firefox.exe, 00000002.00000003.1168671028.000002B0034B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 00000002.00000003.1616905248.000002B00332F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org
Source: firefox.exe, 00000002.00000003.1783807362.000002B0034C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/
Source: firefox.exe, 00000002.00000003.1547982026.000002B004D39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-aarch64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zi
Source: firefox.exe, 00000002.00000003.1547982026.000002B004D39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-arm-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000002.00000003.1547982026.000002B004D39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000002.00000003.1547982026.000002B004D39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86_64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000002.00000003.1547982026.000002B004D39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-linux32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000002.00000003.1547982026.000002B004D39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000002.00000003.1547982026.000002B004D39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2.zip
Source: firefox.exe, 00000002.00000003.1547982026.000002B004D39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2
Source: firefox.exe, 00000002.00000003.1547982026.000002B004D39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000002.00000003.1783605253.000002B003ED5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1547982026.000002B004D39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000002.00000003.1547982026.000002B004D39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000002.00000003.1400100720.000002B00C99E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0X
Source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: firefox.exe, 00000002.00000003.1168671028.000002B0034B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 00000002.00000003.1168671028.000002B0034B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: firefox.exe, 00000002.00000003.1168671028.000002B0034B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 00000002.00000003.1168671028.000002B0034B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 00000002.00000003.1168671028.000002B0034B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 00000002.00000003.1411732099.000002B004F5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305610663.000002B00D4CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1418598093.000002B0128AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1313135562.000002B004E69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1543825663.000002B00CF98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1421756148.000002B00C6AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1787999135.000002B0030F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1604598969.000002B00C6AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000002.00000003.1615649118.000002B003387000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 00000002.00000003.1356899037.000002B00CF8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000002.00000003.1300568617.000002B00D972000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000002.00000003.1300568617.000002B00D972000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000002.00000003.1354498882.000002B00D3A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 00000002.00000003.1354498882.000002B00D3A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 00000002.00000003.1347939383.000002B07DDA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1295274684.000002B07DD8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/common
Source: firefox.exe, 00000002.00000003.1348286761.000002B07DD81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1295274684.000002B07DD81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/dates-and-times
Source: firefox.exe, 00000002.00000003.1347939383.000002B07DDA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1295274684.000002B07DD8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/math
Source: firefox.exe, 00000002.00000003.1348286761.000002B07DD81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1295274684.000002B07DD81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/regular-expressions
Source: firefox.exe, 00000002.00000003.1347939383.000002B07DDA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1295274684.000002B07DD8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/sets
Source: firefox.exe, 00000002.00000003.1256044109.000002B00518E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-04/schema#
Source: firefox.exe, 00000002.00000003.1256044109.000002B00518E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-06/schema#
Source: firefox.exe, 00000002.00000003.1256044109.000002B00518E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-07/schema#-
Source: firefox.exe, 00000002.00000003.1256044109.000002B00518E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1223015129.000002B00CD9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
Source: firefox.exe, 00000002.00000003.1598483494.000037F9F8903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1617271468.000002B0030E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1529863947.000002FF0B003000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1787999135.000002B0030EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/
Source: firefox.exe, 00000002.00000003.1633025987.000002B0044B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/aboutWelcomeBehavior
Source: firefox.exe, 00000002.00000003.1633025987.000002B0044B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/boolean
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/disableGreaseOnFallback
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/dnsMaxAnyPriorityThreads
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/dnsMaxPriorityThreads
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/ehPreconnectEnabled
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/ehPreloadEnabled
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/forceWaitHttpsRR
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/greasePaddingSize
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/h3Enabled
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/h3GreaseEnabled
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/insecureFallback
Source: firefox.exe, 00000002.00000003.1633025987.000002B0044B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/migrateExtensions
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/networkPredictor
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/pocketFeatureGate
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/pocketShowLessFrequentlyCap
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/preconnect
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestBlockingEnabled
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestEnabled
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestNonSponsoredEnabled
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestNonSponsoredIndex
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestScenario
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestScoreMap
Source: firefox.exe, 00000002.00000003.1633284579.000002B0044A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestShouldShowOnboardingDialog
Source: firefox.exe, 00000002.00000003.1633284579.000002B0044A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestShowOnboardingDialogAfterNRestarts
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestSponsoredEnabled
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/quickSuggestSponsoredIndex
Source: firefox.exe, 00000002.00000003.1633284579.000002B0044A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/recordNavigationalSuggestionTelemetry
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/richSuggestionsFeatureGate
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/serpEventTelemetryEnabled
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/showExposureResults
Source: firefox.exe, 00000002.00000003.1633025987.000002B0044B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/showImportAll
Source: firefox.exe, 00000002.00000003.1633025987.000002B0044B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/showPreferencesEntrypoint
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/showSearchTermsFeatureGate
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/tlsEnabled
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/tlsGreaseProb
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/trendingMaxResultsNoSearchMode
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/trendingRequireSearchMode
Source: firefox.exe, 00000002.00000003.1633025987.000002B0044B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/useNewWizard
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/weatherFeatureGate
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/weatherKeywordsMinimumLength
Source: firefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/weatherKeywordsMinimumLengthCap
Source: firefox.exe, 00000002.00000003.1529863947.000002FF0B003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/0
Source: firefox.exe, 00000002.00000003.1598483494.000037F9F8903000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/0C
Source: firefox.exe, 00000002.00000003.1251569611.000002B005CDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1539320376.000002B005CF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1225204761.000002B003851000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1191553670.000002B00C8AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1546707122.000002B004FD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1465382257.000002B004FD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1257252095.000002B004FA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1189852705.000002B003B8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1441110436.000002B0027F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1410726084.000002B004FA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1258015409.000002B004E41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1440281815.000002B002BB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1190044445.000002B003B83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1396072690.000002B00CFD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1225204761.000002B003839000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1111120260.000002B0025DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1193674460.000002B003BED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1311961724.000002B004FA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1340464255.000002B004E4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1251569611.000002B005CF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1461690543.000002B005CF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 00000002.00000003.1598483494.000037F9F8903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1529863947.000002FF0B003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/Z
Source: firefox.exe, 00000002.00000003.1168671028.000002B0034B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.drString found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.drString found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 00000002.00000003.1168671028.000002B0034B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.drString found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 00000002.00000003.1400100720.000002B00C99E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 00000002.00000003.1355799913.000002B00D09C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0
Source: firefox.exe, 00000002.00000003.1355799913.000002B00D09C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
Source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drString found in binary or memory: http://s2.symcb.com0
Source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drString found in binary or memory: http://sf.symcb.com/sf.crl0a
Source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drString found in binary or memory: http://sf.symcb.com/sf.crt0
Source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drString found in binary or memory: http://sf.symcd.com0&
Source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drString found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drString found in binary or memory: http://sv.symcb.com/sv.crt0
Source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drString found in binary or memory: http://sv.symcd.com0&
Source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 00000002.00000003.1400100720.000002B00C99E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 00000002.00000003.1400100720.000002B00C99E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.drString found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 00000002.00000003.1521858689.000002B01295C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-updatex
Source: firefox.exe, 00000002.00000003.1615649118.000002B00335D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: firefox.exe, 00000002.00000003.1627659575.000002B002112000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1247950490.000002B07F51E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1424416380.000002B004F2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1292851546.000002B07F51E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1623275153.000002B002AEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1458023604.000002B07F51E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1178191271.000002B005195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000002.00000003.1623275153.000002B002AEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://global/content/printPreviewPag
Source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drString found in binary or memory: http://www.symauth.com/cps0(
Source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drString found in binary or memory: http://www.symauth.com/rpa00
Source: firefox.exe, 00000002.00000003.1168671028.000002B0034B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1355799913.000002B00D09C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1251569611.000002B005CE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 00000002.00000003.1168671028.000002B0034B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1355799913.000002B00D09C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1251569611.000002B005CE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 00000002.00000003.1427853632.000002B0047AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 00000002.00000003.1110516679.000002B002100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1110750862.000002B002505000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000002.00000003.1422453526.000002B005D0D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1617271468.000002B0030E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1787999135.000002B0030E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/logowordmark.alwaysVisiblescoreFeeds/feedsPromises
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 00000002.00000003.1330051836.000002B07DEEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000002.00000003.1450943331.000002B00386F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/en-US/firefox/collections/4757633/25c2b44583534b3fa8fea977c419cd/?page=1&
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1308206053.000002B00CBAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/mr2022-upgrade-onboarding-pin-private-
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1308206053.000002B00CBAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1308206053.000002B00CBAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/JSON.parse:
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1308206053.000002B00CBAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/chrome://global/skin/icons/indicator-pr
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1308206053.000002B00CBAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/(
Source: firefox.exe, 00000002.00000003.1259435209.000002B003ED2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1608044306.000002B003ED5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1783605253.000002B003ED5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
Source: firefox.exe, 00000002.00000003.1616478656.000002B003334000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1611493002.000002B00345A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000002.00000003.1401619784.000002B00C6D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://allegro.pl/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 00000002.00000003.1355799913.000002B00D0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 00000002.00000003.1355799913.000002B00D0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 00000002.00000003.1538007458.000002B00C67E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1402653749.000002B00C677000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 00000002.00000003.1626824235.000002B002645000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000002.00000003.1349249946.000002B01288B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1618661159.000002B00309D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1355799913.000002B00D0B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1432767781.000002B00D0EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1789219368.000002B00309D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1321712736.000002B012842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000002.00000003.1295274684.000002B07DDB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1536420312.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1477881867.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000002.2306452313.0000017D249C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8AF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2316030452.000001E2CE204000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.2.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696581201119.12791&key=1696581201400600
Source: firefox.exe, 00000002.00000003.1521733644.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1331930616.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696581201119.12791&key=16965812014
Source: firefox.exe, 00000002.00000003.1295274684.000002B07DDB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1536420312.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1477881867.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000002.2306452313.0000017D249C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8AF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2316030452.000001E2CE204000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.2.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696581201119.12791&key=1696581201400600000.1&cta
Source: firefox.exe, 00000002.00000003.1259435209.000002B003EC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 00000002.00000003.1244721418.000002B00D13B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 00000002.00000003.1244666330.000002B00C8CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1323088264.000002B00CB6B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075.module--carousel__left
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1323088264.000002B00CB6B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1323088264.000002B00CB6B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1323088264.000002B00CB6B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: firefox.exe, 00000002.00000003.1241764490.000002B07F478000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1243036514.000002B00CEE9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 00000002.00000003.1271580861.000002B003A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000002.00000003.1110516679.000002B002100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1110750862.000002B002505000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000002.00000003.1625060013.000002B0026CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net
Source: firefox.exe, 00000002.00000003.1301656448.000002B00D753000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
Source: firefox.exe, 00000002.00000003.1305054913.000002B00D4EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1314505162.000002B004591000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000002.00000003.1295274684.000002B07DDB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1536420312.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1477881867.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000002.2306452313.0000017D249C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8AF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2316030452.000001E2CE204000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.2.drString found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: firefox.exe, 00000002.00000003.1295274684.000002B07DDB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1536420312.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1477881867.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000002.2306452313.0000017D249C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8AF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2316030452.000001E2CE204000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.2.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000002.00000003.1395251772.000002B00D082000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1543142383.000002B00D082000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 00000002.00000003.1356686449.000002B00D08F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 00000002.00000003.1461623411.000002B005D1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tilesextensions.pocket.oAuthConsumerKey
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drString found in binary or memory: https://d.symcb.com/cps0%
Source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drString found in binary or memory: https://d.symcb.com/rpa0
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000002.00000003.1204690450.000002B003223000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1762390809.000002B004DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1467590321.000002B004DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1782249724.000002B004DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1425132182.000002B004DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1342229951.000002B004DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1606087334.000002B004DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1547534132.000002B004DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1323738309.000002B004DBE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
Source: firefox.exe, 00000002.00000003.1330051836.000002B07DEE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
Source: firefox.exe, 00000002.00000003.1354498882.000002B00D3A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 00000002.00000003.1225204761.000002B003848000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: firefox.exe, 00000002.00000003.1784724163.000002B0033D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1613887497.000002B0033D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1238702845.000002B003A50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1110516679.000002B002100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1543825663.000002B00CF8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1110750862.000002B002505000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1356899037.000002B00CF8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/y
Source: firefox.exe, 00000002.00000003.1399731851.000002B00C9A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000002.00000003.1400100720.000002B00C99E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000002.00000003.1400100720.000002B00C99E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: firefox.exe, 00000002.00000003.1399731851.000002B00C9A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000002.00000003.1537000708.000002B00C97D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1401222678.000002B00C97D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8A12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2304136523.000001E2CE013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 00000002.00000003.1172207567.000002B00CD8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1452600813.000002B0050F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
Source: firefox.exe, 00000002.00000003.1172207567.000002B00CD8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1486087846.000002B003A7F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 00000002.00000003.1450943331.000002B00386F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/74f06853-c80d-4afc-9b2
Source: firefox.exe, 00000002.00000003.1452600813.000002B0050F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/d8e772fe-4909-4f05-9f9
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000002.00000003.1618661159.000002B00309D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1789219368.000002B00309D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 00000002.00000003.1617840764.000002B0030C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
Source: firefox.exe, 00000002.00000003.1788627668.000002B0030D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: firefox.exe, 00000002.00000003.1618299596.000002B0030B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?colle
Source: firefox.exe, 00000002.00000003.1330051836.000002B07DEEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 00000002.00000003.1537000708.000002B00C97D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1401222678.000002B00C97D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8A12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2304136523.000001E2CE013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000002.00000003.1395655649.000002B00D04D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8AC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2304136523.000001E2CE0C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000002.00000003.1625733248.000002B00269B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8AC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2304136523.000001E2CE0C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000006.00000002.2306887525.00000241D8A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2304136523.000001E2CE030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000002.00000003.1465382257.000002B004FF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1410096155.000002B004FF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1337600244.000002B004FF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1311404104.000002B004FF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 00000002.00000003.1395655649.000002B00D04D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabresource://activity-stream/lib/ASRouter
Source: firefox.exe, 00000002.00000003.1465382257.000002B004FF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1410096155.000002B004FF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1337600244.000002B004FF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1311404104.000002B004FF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 00000002.00000003.1395655649.000002B00D04D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 00000002.00000003.1395655649.000002B00D04D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1410096155.000002B004FF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1337600244.000002B004FF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1311404104.000002B004FF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 00000002.00000003.1395655649.000002B00D04D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1410096155.000002B004FF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1337600244.000002B004FF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1311404104.000002B004FF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 00000002.00000003.1395655649.000002B00D04D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 00000002.00000003.1395655649.000002B00D04D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtabExpected
Source: firefox.exe, 00000002.00000003.1465382257.000002B004FF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1410096155.000002B004FF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1337600244.000002B004FF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1311404104.000002B004FF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 00000002.00000003.1395655649.000002B00D04D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1625733248.000002B00269B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8AC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2304136523.000001E2CE0C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1410096155.000002B004FF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1337600244.000002B004FF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1311404104.000002B004FF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 00000002.00000003.1395655649.000002B00D04D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 00000002.00000003.1395655649.000002B00D04D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_morediscoverystream.isCollectionDismissible
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_morediscoverystream.isCollectionDismissibleCould
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_morehome-prefs-recommended-by-learn-more
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_morehome-prefs-recommended-by-learn-moreimprovesearch.ha
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1625733248.000002B00269B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8AC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2304136523.000001E2CE0C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsdiscoverystream.personalization.overridediscoverystream.spocs-e
Source: firefox.exe, 00000002.00000003.1191553670.000002B00C8AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 00000002.00000003.1191553670.000002B00C8AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 00000002.00000003.1110516679.000002B002100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1110750862.000002B002505000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000002.00000003.1614471603.000002B0033A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1323088264.000002B00CB6B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.mdbrowser.newtabpage.ac
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1323088264.000002B00CB6B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650intl.menuitems.alwaysappendaccesskeysenv.version
Source: firefox.exe, 00000002.00000003.1458990825.000002B00CB32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1323088264.000002B00CB6B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gpuweb.github.io/gpuweb/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 00000002.00000003.1529863947.000002FF0B003000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1250266984.000002B00D9AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 00000002.00000003.1394349245.000002B0129BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
Source: firefox.exe, 00000002.00000003.1250119350.000002B00D9C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 00000002.00000003.1394349245.000002B0129BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/H
Source: firefox.exe, 00000002.00000003.1394349245.000002B0129BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/HCX
Source: firefox.exe, 00000002.00000003.1394349245.000002B0129BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
Source: firefox.exe, 00000002.00000003.1394349245.000002B0129BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://img-getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://img-getpocket.cdn.mozilla.net/updatePinnedSearchShortcuts/
Source: firefox.exe, 00000006.00000002.2306887525.00000241D8AF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2316030452.000001E2CE204000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.2.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4CLXfQbX4pbW4QbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000002.00000003.1613887497.000002B0033DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1401874620.000002B00C6C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1604598969.000002B00C6C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8AC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2304136523.000001E2CE0F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000002.00000003.1401619784.000002B00C6D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/b12846ae-cbea-4315-86de-7f793
Source: firefox.exe, 00000002.00000003.1292851546.000002B07F512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/cc17ce6f-06b5-463f-
Source: firefox.exe, 00000002.00000003.1292851546.000002B07F50C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/fc47be87-063d-4001-9d68-a989
Source: firefox.exe, 00000002.00000003.1785929650.000002B00338B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1789219368.000002B00309D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/1864eebe-a97d-4196-ba9e-40ba8339789c/health/
Source: firefox.exe, 00000002.00000003.1785929650.000002B00338B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1789219368.000002B00309D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/639d6aff-3521-475f-a165-426024f2d9f0/health/
Source: firefox.exe, 00000002.00000003.1785929650.000002B00338B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1789219368.000002B00309D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/717ed3b2-ea8b-46bf-926c-0346b661d09a/event/F
Source: firefox.exe, 00000002.00000003.1785929650.000002B00338B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1789219368.000002B00309D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/c52da37e-6215-4698-a8c6-7dbc7928eb26/main/Fi
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submitapiRequest/request.onreadystatechangeinitialValueCallba
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 00000002.00000003.1256044109.000002B00518E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema.
Source: firefox.exe, 00000002.00000003.1256044109.000002B00518E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema./
Source: firefox.exe, 00000002.00000003.1256044109.000002B00518E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/
Source: firefox.exe, 00000002.00000003.1256044109.000002B00518E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
Source: firefox.exe, 00000002.00000003.1611493002.000002B0034C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1783807362.000002B0034C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1168671028.000002B0034C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000002.00000003.1466541655.000002B004F27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1314505162.000002B004591000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000002.00000003.1422453526.000002B005D0D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: firefox.exe, 00000002.00000003.1258015409.000002B004E55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1309031519.000002B00CB92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000002.00000003.1204690450.000002B003223000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1543726781.000002B00CF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1356899037.000002B00CF98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1396372929.000002B00CF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1250977835.000002B00CF9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: firefox.exe, 00000002.00000003.1167777861.000002B00A799000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1399731851.000002B00C9A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000002.00000003.1399731851.000002B00C9A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000002.00000003.1400100720.000002B00C99E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 00000002.00000003.1399731851.000002B00C9A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000002.00000003.1400100720.000002B00C99E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 00000002.00000003.1576933099.000002B00380E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/
Source: firefox.exe, 00000002.00000003.1576933099.000002B00380E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding#surrogate-formulae
Source: firefox.exe, 00000002.00000003.1576933099.000002B00380E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-escapes#single
Source: firefox.exe, 00000003.00000002.2306452313.0000017D24972000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8A81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2304136523.000001E2CE08F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000002.00000003.1330051836.000002B07DEEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 00000002.00000003.1576933099.000002B00380E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mths.be/jsesc
Source: firefox.exe, 00000002.00000003.1789393434.000002B003070000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1619345551.000002B003070000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 00000002.00000003.1399731851.000002B00C9A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000002.00000003.1399731851.000002B00C9A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000002.00000003.1400100720.000002B00C99E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000002.00000003.1248591690.000002B07DEB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 00000002.00000003.1323738309.000002B004DF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1349249946.000002B012897000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1321712736.000002B012895000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com
Source: firefox.exe, 00000002.00000003.1424959970.000002B004DFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
Source: firefox.exe, 00000002.00000003.1784724163.000002B0033D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com
Source: firefox.exe, 00000002.00000003.1626824235.000002B002645000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/
Source: firefox.exe, 00000002.00000003.1551668042.000002B003F51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-linux-x64.zip
Source: firefox.exe, 00000002.00000003.1551668042.000002B003F51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-arm64.zip
Source: firefox.exe, 00000002.00000003.1551668042.000002B003F51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-x64.zip
Source: firefox.exe, 00000002.00000003.1551668042.000002B003F51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-arm64.zip
Source: firefox.exe, 00000002.00000003.1783605253.000002B003ED5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1615204601.000002B00339C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x64.zip
Source: firefox.exe, 00000002.00000003.1551668042.000002B003F51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x86.zip
Source: firefox.exe, 00000002.00000003.1458990825.000002B00CB32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 00000002.00000003.1615318184.000002B00338B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1785929650.000002B00338B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 00000002.00000003.1615318184.000002B00338B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1785929650.000002B00338B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 00000002.00000003.1609809333.000002B0037BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 00000002.00000003.1615318184.000002B00338B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1785929650.000002B00338B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 00000002.00000003.1785929650.000002B00338B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000002.00000003.1330051836.000002B07DEEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000002.00000003.1110750862.000002B002505000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000002.00000003.1225204761.000002B003848000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1396644915.000002B00CF72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addonGetting
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 00000002.00000003.1299312071.000002B00D9DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1250076895.000002B00D9DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1349822266.000002B00D9DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com
Source: firefox.exe, 00000002.00000003.1259435209.000002B003EC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000002.00000003.1250554234.000002B00D99A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000002.00000003.1620816280.000002B002C84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000002.00000003.1620816280.000002B002C84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 00000002.00000003.1541264462.000002B00D358000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1354498882.000002B00D353000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 00000002.00000003.1405333529.000002B005D1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1401222678.000002B00C97D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8A12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2304136523.000001E2CE013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000002.00000003.1170358491.000002B00D428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000002.00000003.1395655649.000002B00D04D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 00000002.00000003.1395655649.000002B00D04D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocsNIMBUS_VARIABLE_CONTILE_SOV_ENABLEDError
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1401874620.000002B00C6C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1604598969.000002B00C6C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8AC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2304136523.000001E2CE0F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000002.00000003.1611493002.000002B00345A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 00000002.00000003.1616478656.000002B003334000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1611493002.000002B00345A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000002.00000003.1330051836.000002B07DEEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/devtools.debugger.features.windowless-
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1543726781.000002B00CF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1458405580.000002B00CCC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1356899037.000002B00CF98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1419993813.000002B00CCC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1177875201.000002B00CF9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1434215150.000002B004E69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1396372929.000002B00CF9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1340464255.000002B004E69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1258015409.000002B004E69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1313135562.000002B004E69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1594934779.000002B00CCC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1306533811.000002B00CCC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/A
Source: firefox.exe, 00000002.00000003.1299312071.000002B00D9A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1250473314.000002B00D9A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
Source: firefox.exe, 00000002.00000003.1166557656.000002B00D755000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1789219368.000002B00309D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1626824235.000002B00265B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 00000002.00000003.1177299777.000002B00D3F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 00000002.00000003.1354498882.000002B00D39A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
Source: firefox.exe, 00000002.00000003.1354498882.000002B00D39A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
Source: firefox.exe, 00000002.00000003.1408407529.000002B0052A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: firefox.exe, 00000002.00000003.1321198433.000002B0128EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefox
Source: firefox.exe, 00000002.00000003.1306533811.000002B00CC64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.oGUCFCdKfd-E
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 00000002.00000003.1330051836.000002B07DEE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000002.00000003.1330051836.000002B07DEE5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1330051836.000002B07DEDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000002.00000003.1330051836.000002B07DEE5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1330051836.000002B07DEDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000002.00000003.1330051836.000002B07DEE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000002.00000003.1330051836.000002B07DEEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000002.00000003.1256044109.000002B005185000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 00000002.00000003.1354498882.000002B00D36D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1541264462.000002B00D371000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 00000002.00000003.1458990825.000002B00CB32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 00000002.00000003.1401874620.000002B00C6A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 00000002.00000003.1401874620.000002B00C6A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 00000002.00000003.1401619784.000002B00C6D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 00000002.00000003.1256044109.000002B005185000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 00000002.00000003.1295274684.000002B07DDB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1536420312.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1477881867.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1521733644.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1331930616.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000002.2306452313.0000017D249C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8AF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2316030452.000001E2CE204000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.2.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_39e4b8f6fd6635158ad433436bdaa069841cfdf8e1989e03
Source: firefox.exe, 00000002.00000003.1618661159.000002B00309D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1238702845.000002B003A50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1789219368.000002B00309D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1110516679.000002B002100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1110750862.000002B002505000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000002.00000003.1401874620.000002B00C6A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 00000002.00000003.1401874620.000002B00C6A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 00000002.00000003.1401619784.000002B00C6D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 00000002.00000003.1167084557.000002B00D4C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 00000002.00000003.1401619784.000002B00C6D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
Source: firefox.exe, 00000002.00000003.1167084557.000002B00D4C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.drString found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 00000002.00000003.1167084557.000002B00D4C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
Source: firefox.exe, 00000002.00000003.1401874620.000002B00C6A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
Source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drString found in binary or memory: https://www.globalsign.com/repository/0
Source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drString found in binary or memory: https://www.globalsign.com/repository/06
Source: firefox.exe, 00000002.00000003.1167084557.000002B00D4C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: firefox.exe, 00000002.00000003.1306533811.000002B00CC40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
Source: firefox.exe, 00000002.00000003.1166143314.000002B00D79D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 00000002.00000003.1110516679.000002B002100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1110750862.000002B002505000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/searchf458e78b-9128-4027-b344-538f5661c148d908d622-0387-4d36-8098-1a
Source: firefox.exe, 00000002.00000003.1170358491.000002B00D428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000002.00000003.1248591690.000002B07DEFE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 00000002.00000003.1401619784.000002B00C6D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 00000002.00000003.1401619784.000002B00C6D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 00000002.00000003.1401619784.000002B00C6D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
Source: firefox.exe, 00000002.00000003.1618661159.000002B00309D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1789219368.000002B00309D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mobilesuica.com/
Source: firefox.exe, 00000002.00000003.1330051836.000002B07DEEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 00000002.00000003.1500117009.000002B003BDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1487776703.000002B003BD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1320712518.000002B07E6D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D751000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1494559399.000002B003BDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1490024281.000002B003BDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 00000002.00000003.1321198433.000002B0128EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
Source: firefox.exe, 00000002.00000003.1177299777.000002B00D3F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.c0yfKF26qNRb
Source: firefox.exe, 00000002.00000003.1172207567.000002B00CD8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1355799913.000002B00D0B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?resource://services-settings/Attachments.sys.mjsresource://activit
Source: firefox.exe, 00000002.00000003.1321198433.000002B0128EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
Source: firefox.exe, 00000002.00000003.1177299777.000002B00D3F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.w0HgyL2ZPBj2
Source: firefox.exe, 00000002.00000003.1299312071.000002B00D9A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1250473314.000002B00D9A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: firefox.exe, 00000002.00000003.1351800920.000002B00D739000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D739000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.2.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: firefox.exe, 00000002.00000003.1177299777.000002B00D3F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: firefox.exe, 00000002.00000003.1299312071.000002B00D9A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1250473314.000002B00D9A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
Source: firefox.exe, 00000002.00000003.1609698959.000002B0037EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/
Source: firefox.exe, 00000002.00000003.1306533811.000002B00CC64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 00000002.00000003.1355799913.000002B00D0B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1450943331.000002B00386F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1295274684.000002B07DD5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000002.2306452313.0000017D249C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8ACE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2304136523.000001E2CE08F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000002.00000003.1465382257.000002B004FF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1410096155.000002B004FF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1337600244.000002B004FF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1311404104.000002B004FF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 00000002.00000003.1395655649.000002B00D04D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 00000003.00000002.2306452313.0000017D249C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/7
Source: firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000002.00000003.1395655649.000002B00D04D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 00000002.00000003.1177299777.000002B00D3F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/setupPrefs/hideDescriptionsRegions
Source: firefox.exe, 00000002.00000003.1422453526.000002B005D0D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
Source: firefox.exe, 00000002.00000003.1401874620.000002B00C6A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1401619784.000002B00C6D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 00000002.00000003.1248591690.000002B07DEE9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 00000002.00000003.1256044109.000002B005185000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000002.00000003.1354498882.000002B00D36D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1541264462.000002B00D371000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sling.com/
Source: firefox.exe, 00000002.00000003.1295274684.000002B07DDB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1536420312.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1477881867.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000002.2306452313.0000017D249C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8AF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2316030452.000001E2CE204000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.2.drString found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: firefox.exe, 00000002.00000003.1626824235.000002B00265B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1264554672.000002B00C4C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
Source: firefox.exe, 00000002.00000003.1401874620.000002B00C6A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 00000002.00000003.1256044109.000002B005185000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8A03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2304136523.000001E2CE00C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000002.00000003.1354498882.000002B00D3A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownHTTPS traffic detected: 142.250.184.196:443 -> 192.168.2.16:49699 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.184.196:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.184.196:443 -> 192.168.2.16:49702 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.184.196:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.184.196:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.184.196:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.184.196:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.184.196:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.217.16.206:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49751 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49753 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49777 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49778 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.129.91:443 -> 192.168.2.16:49780 version: TLS 1.2
Source: unknownHTTPS traffic detected: 151.101.129.91:443 -> 192.168.2.16:49783 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49784 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49785 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49786 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49787 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49788 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49795 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49796 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49797 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49799 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49798 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49800 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49801 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49803 version: TLS 1.2
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 6_2_00000241D8F63A37 NtQuerySystemInformation,6_2_00000241D8F63A37
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 6_2_00000241D8F86372 NtQuerySystemInformation,6_2_00000241D8F86372
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 6_2_00000241D8F63A376_2_00000241D8F63A37
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 6_2_00000241D8F863726_2_00000241D8F86372
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 6_2_00000241D8F86A9C6_2_00000241D8F86A9C
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 6_2_00000241D8F863B26_2_00000241D8F863B2
Source: classification engineClassification label: mal48.winZIP@39/45@87/18
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Temp\firefoxJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: firefox.exe, 00000002.00000003.1394349245.000002B0129F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: WWStartupCtrl64.dll.12.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: firefox.exe, 00000002.00000003.1394349245.000002B0129F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 00000002.00000003.1394349245.000002B0129F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 00000002.00000003.1394349245.000002B0129F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 00000002.00000003.1394349245.000002B0129F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 00000002.00000003.1394349245.000002B0129F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 00000002.00000003.1394349245.000002B0129F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9'
Source: WWStartupCtrl64.dll.12.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: firefox.exe, 00000002.00000003.1394349245.000002B0129F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 00000002.00000003.1394349245.000002B0129F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7eb6157-f027-4388-a907-6b35217329f1} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 2b07256ed10 socket
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --loadload-extension=C:\Windows\crx
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,885814846529338984,14222650655154050318,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2140 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4048 -parentBuildID 20230927232528 -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 25481 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f72bc4a-2e43-4b96-a3b4-bcb4d18e063d} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 2b004f92110 rdd
Source: unknownProcess created: C:\Program Files\7-Zip\7zG.exe "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\" -an -ai#7zMap18132:70:7zEvent24597
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5264 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5220 -prefMapHandle 5248 -prefsLen 33093 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {523061e7-fae6-40f8-8215-03206ea077c4} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 2b005da2910 utility
Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\sniatsr.exe sniatsr.exe
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7eb6157-f027-4388-a907-6b35217329f1} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 2b07256ed10 socketJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4048 -parentBuildID 20230927232528 -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 25481 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f72bc4a-2e43-4b96-a3b4-bcb4d18e063d} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 2b004f92110 rddJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5264 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5220 -prefMapHandle 5248 -prefsLen 33093 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {523061e7-fae6-40f8-8215-03206ea077c4} 6404 "\\.\pipe\gecko-crash-server-pipe.6404" 2b005da2910 utilityJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,885814846529338984,14222650655154050318,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2140 /prefetch:3Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\sniatsr.exe sniatsr.exeJump to behavior
Source: C:\Program Files\7-Zip\7zG.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files\7-Zip\7zG.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files\7-Zip\7zG.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files\7-Zip\7zG.exeSection loaded: explorerframe.dllJump to behavior
Source: C:\Program Files\7-Zip\7zG.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Program Files\7-Zip\7zG.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Program Files\7-Zip\7zG.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Program Files\7-Zip\7zG.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Program Files\7-Zip\7zG.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files\7-Zip\7zG.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\7-Zip\7zG.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\7-Zip\7zG.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\cmd.exeSection loaded: winbrand.dllJump to behavior
Source: C:\Windows\System32\cmd.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\sniatsr.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files\7-Zip\7zG.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Binary string: UxTheme.pdb source: firefox.exe, 00000002.00000003.1353631369.000002B00D46E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305610663.000002B00D46E000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: rsaenh.pdb source: firefox.exe, 00000002.00000003.1299312071.000002B00D9FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1349822266.000002B00D9FB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wininet.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: UMPDC.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: xWindows.Security.Integrity.pdb source: firefox.exe, 00000002.00000003.1290233744.000002B07F5F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1292177688.000002B07F563000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1344527212.000002B07F5F1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winsta.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: rpcrt4.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: bcrypt.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ktmw32.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: WscApi.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wshbth.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000002.00000003.1330967429.000002B011B57000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1359127783.000002B011B66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcrt.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 00000002.00000003.1358016445.000002B011BBA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: xul.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: shcore.pdb source: firefox.exe, 00000002.00000003.1353238895.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305054913.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nssckbi.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mozglue.pdb source: firefox.exe, 00000002.00000003.1354498882.000002B00D37C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305610663.000002B00D423000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dcomp.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winnsi.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: cryptsp.pdb source: firefox.exe, 00000002.00000003.1299312071.000002B00D9FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1349822266.000002B00D9FB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: UxTheme.pdbP4 source: firefox.exe, 00000002.00000003.1353631369.000002B00D46E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305610663.000002B00D46E000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: shell32.pdb source: firefox.exe, 00000002.00000003.1353631369.000002B00D46E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353238895.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305610663.000002B00D46E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305054913.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: sspicli.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ntmarta.pdb source: firefox.exe, 00000002.00000003.1353631369.000002B00D46E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305610663.000002B00D46E000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: CLBCatQ.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: urlmon.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: crypt32.pdb0 source: firefox.exe, 00000002.00000003.1305610663.000002B00D423000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000002.00000003.1330967429.000002B011B57000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1359127783.000002B011B66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: dnsapi.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: userenv.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: shlwapi.pdb source: firefox.exe, 00000002.00000003.1353238895.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305054913.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nlaapi.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winhttp.pdb source: firefox.exe, 00000002.00000003.1299312071.000002B00D9FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1349822266.000002B00D9FB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msimg32.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ntasn1.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: win32u.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: devobj.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: d3d11.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dwmapi.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: firefox.pdb source: firefox.exe, 00000002.00000003.1354498882.000002B00D37C000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dbghelp.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: srvcli.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: imm32.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: freebl3.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: webauthn.pdb source: firefox.exe, 00000002.00000003.1358016445.000002B011BBA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: profapi.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: gdi32.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ws2_32.pdb source: firefox.exe, 00000002.00000003.1353238895.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305054913.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: avrt.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: WLDP.pdb source: firefox.exe, 00000002.00000003.1353238895.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305054913.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mswsock.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: sechost.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nsi.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: propsys.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.dr
Source: Binary string: winmm.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: winrnr.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msctf.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: version.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ole32.pdb source: firefox.exe, 00000002.00000003.1353238895.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305054913.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: dbgcore.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: mscms.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: user32.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: twinapi.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: msasn1.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.dr
Source: Binary string: psapi.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: cryptsp.pdbnav-back-shortcut-alt source: firefox.exe, 00000002.00000003.1349822266.000002B00D9FB000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: DWrite.pdb source: firefox.exe, 00000002.00000003.1352533725.000002B00D720000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1301656448.000002B00D720000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: firefox.exe, 00000002.00000003.1354498882.000002B00D37C000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: combase.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\src-aliim-store\qintao\IMClient-RV\symbol\Release\wwst64.pdb source: 7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe, 0000001A.00000000.1413623563.00007FF62137E000.00000002.00000001.01000000.00000011.sdmp, sniatsr.exe.12.dr
Source: Binary string: dxgi.pdb source: firefox.exe, 00000002.00000003.1300194757.000002B00D998000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: nss3.pdb source: firefox.exe, 00000002.00000003.1353238895.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305054913.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: ncrypt.pdb source: firefox.exe, 00000002.00000003.1350214279.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1299312071.000002B00D9C0000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: wsock32.pdb source: firefox.exe, 00000002.00000003.1353238895.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1305054913.000002B00D4DA000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: crypt32.pdb source: firefox.exe, 00000002.00000003.1305610663.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1353631369.000002B00D43F000.00000004.00000800.00020000.00000000.sdmp
Source: gmpopenh264.dll.tmp.2.drStatic PE information: section name: .rodata
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeFile created: C:\Users\user\Desktop\sniatsr.exeJump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeFile created: C:\Users\user\Desktop\WWStartupCtrl64.dllJump to dropped file
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 6_2_00000241D8F63A37 rdtsc 6_2_00000241D8F63A37
Source: C:\Program Files\7-Zip\7zG.exeDropped PE file which has not been started: C:\Users\user\Desktop\WWStartupCtrl64.dllJump to dropped file
Source: firefox.exe, 00000002.00000003.1878498713.0000149531980000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: :VMware Virtual disk}
Source: firefox.exe, 00000003.00000002.2320424535.0000017D24B00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllV
Source: firefox.exe, 00000002.00000003.1878498713.0000149531980000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Virtual disk1
Source: firefox.exe, 00000003.00000002.2320424535.0000017D24B00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW-
Source: firefox.exe, 00000002.00000003.1878498713.0000149531980000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: :VMware Virtual disk
Source: firefox.exe, 00000002.00000003.1878498713.0000149531980000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Virtual diskrendeZ
Source: firefox.exe, 00000003.00000002.2320424535.0000017D24B00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllq
Source: firefox.exe, 00000002.00000003.1878498713.0000149531980000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Virtual disk}
Source: firefox.exe, 00000003.00000002.2290515536.0000017D245BE000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2320546691.00000241D9020000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2295002869.00000241D885A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: firefox.exe, 00000002.00000003.1330051836.000002B07DED4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1248591690.000002B07DEB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000002.2318343003.0000017D24A21000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 00000002.00000003.1878498713.0000149531980000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: :VMware Virtual disk3Z
Source: firefox.exe, 00000002.00000003.1878498713.0000149531980000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: :VMware Virtual disk1
Source: firefox.exe, 00000002.00000003.1878498713.0000149531980000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: :VMware Virtual diskrendeZ
Source: firefox.exe, 00000002.00000003.1878498713.0000149531980000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Virtual disk
Source: firefox.exe, 00000003.00000002.2290515536.0000017D245BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
Source: firefox.exe, 00000003.00000002.2320424535.0000017D24B00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2320546691.00000241D9020000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: firefox.exe, 00000010.00000002.2315452698.000001E2CE100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWD
Source: firefox.exe, 00000010.00000002.2290961987.000001E2CDE3A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP6
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 6_2_00000241D8F63A37 rdtsc 6_2_00000241D8F63A37
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\sniatsr.exe sniatsr.exeJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		11
Process Injection		1
Masquerading		OS Credential Dumping111
Security Software Discovery		Remote Services1
Archive Collected Data		11
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		11
Process Injection		LSASS Memory1
File and Directory Discovery		Remote Desktop ProtocolData from Removable Media2
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Extra Window Memory Injection		1
Rundll32		Security Account Manager1
System Information Discovery		SMB/Windows Admin SharesData from Network Shared Drive4
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture5
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Extra Window Memory Injection		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1640819 Sample: sniatsr.zip Startdate: 17/03/2025 Architecture: WINDOWS Score: 48 42 youtube-ui.l.google.com 2->42 44 www.youtube.com 2->44 46 37 other IPs or domains 2->46 62 Multi AV Scanner detection for dropped file 2->62 8 7zG.exe 2 2->8         started        11 firefox.exe 1 2->11         started        13 chrome.exe 2->13         started        16 2 other processes 2->16 signatures3 process4 dnsIp5 38 C:\Users\user\Desktop\sniatsr.exe, PE32+ 8->38 dropped 40 C:\Users\user\Desktop\WWStartupCtrl64.dll, PE32+ 8->40 dropped 18 firefox.exe 3 225 11->18         started        60 192.168.2.16, 138, 443, 49204 unknown unknown 13->60 22 chrome.exe 13->22         started        24 conhost.exe 1 16->24         started        26 sniatsr.exe 16->26         started        file6 process7 dnsIp8 48 prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49710, 49726, 49728 GOOGLEUS United States 18->48 50 push.services.mozilla.com 34.107.243.93, 443, 49735, 49764 GOOGLEUS United States 18->50 56 11 other IPs or domains 18->56 34 C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+ 18->34 dropped 36 C:\Users\user\...\gmpopenh264.dll (copy), PE32+ 18->36 dropped 28 firefox.exe 1 18->28         started        30 firefox.exe 1 18->30         started        32 firefox.exe 1 18->32         started        52 www.google.com 142.250.184.196, 443, 49699, 49702 GOOGLEUS United States 22->52 54 142.250.184.206, 49697, 80 GOOGLEUS United States 22->54 58 6 other IPs or domains 22->58 file9 process10

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)0%ReversingLabs
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp0%ReversingLabs
C:\Users\user\Desktop\WWStartupCtrl64.dll33%ReversingLabsWin64.Spyware.Stilachi
C:\Users\user\Desktop\sniatsr.exe2%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://profiler.firefox.com/0%Avira URL Cloudsafe
http://exslt.org/dates-and-times0%Avira URL Cloudsafe
https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-1520%Avira URL Cloudsafe
https://identity.mozilla.com/ids/ecosystem_telemetryU0%Avira URL Cloudsafe
http://www.mozilla.com00%Avira URL Cloudsafe
https://xhr.spec.whatwg.org/#sync-warning0%Avira URL Cloudsafe
http://www.inbox.lv/rfc2368/?value=%su0%Avira URL Cloudsafe
https://mathiasbynens.be/notes/javascript-escapes#single0%Avira URL Cloudsafe
http://a9.com/-/spec/opensearch/1.0/0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
example.org
96.7.128.186
truefalse
    		high
    prod.detectportal.prod.cloudops.mozgcp.net
    		34.107.221.82
    		truefalse
      		high
      services.addons.mozilla.org
      		151.101.129.91
      		truefalse
        		high
        beacons-handoff.gcp.gvt2.com
        		142.250.186.99
        		truefalse
          		high
          contile.services.mozilla.com
          		34.117.188.166
          		truefalse
            		high
            prod.content-signature-chains.prod.webservices.mozgcp.net
            		34.160.144.191
            		truefalse
              		high
              a19.dscg10.akamai.net
              		2.22.61.56
              		truefalse
                		high
                ipv4only.arpa
                		192.0.0.170
                		truefalse
                  		high
                  prod.ads.prod.webservices.mozgcp.net
                  		34.117.188.166
                  		truefalse
                    		high
                    push.services.mozilla.com
                    		34.107.243.93
                    		truefalse
                      		high
                      www.google.com
                      		142.250.184.196
                      		truefalse
                        		high
                        normandy.tombstone.experimenter.prod.webservices.mozgcp.net
                        		34.49.51.44
                        		truefalse
                          		high
                          star-mini.c10r.facebook.com
                          		157.240.0.35
                          		truefalse
                            		high
                            prod.classify-client.prod.webservices.mozgcp.net
                            		35.190.72.216
                            		truefalse
                              		high
                              prod.balrog.prod.cloudops.mozgcp.net
                              		35.244.181.201
                              		truefalse
                                		high
                                twitter.com
                                		172.66.0.227
                                		truefalse
                                  		high
                                  shavar.prod.mozaws.net
                                  		44.227.2.166
                                  		truefalse
                                    		high
                                    plus.l.google.com
                                    		172.217.16.206
                                    		truefalse
                                      		high
                                      dyna.wikimedia.org
                                      		185.15.59.224
                                      		truefalse
                                        		high
                                        prod.remote-settings.prod.webservices.mozgcp.net
                                        		34.149.100.209
                                        		truefalse
                                          		high
                                          beacons.gvt2.com
                                          		142.251.143.67
                                          		truefalse
                                            		high
                                            youtube-ui.l.google.com
                                            		172.217.16.142
                                            		truefalse
                                              		high
                                              reddit.map.fastly.net
                                              		151.101.129.140
                                              		truefalse
                                                		high
                                                play.google.com
                                                		142.250.186.78
                                                		truefalse
                                                  		high
                                                  telemetry-incoming.r53-2.services.mozilla.com
                                                  		34.120.208.123
                                                  		truefalse
                                                    		high
                                                    www.reddit.com
                                                    		unknown
                                                    		unknownfalse
                                                      		high
                                                      spocs.getpocket.com
                                                      		unknown
                                                      		unknownfalse
                                                        		high
                                                        beacons.gcp.gvt2.com
                                                        		unknown
                                                        		unknownfalse
                                                          		high
                                                          content-signature-2.cdn.mozilla.net
                                                          		unknown
                                                          		unknownfalse
                                                            		high
                                                            firefox.settings.services.mozilla.com
                                                            		unknown
                                                            		unknownfalse
                                                              		high
                                                              www.youtube.com
                                                              		unknown
                                                              		unknownfalse
                                                                		high
                                                                www.facebook.com
                                                                		unknown
                                                                		unknownfalse
                                                                  		high
                                                                  detectportal.firefox.com
                                                                  		unknown
                                                                  		unknownfalse
                                                                    		high
                                                                    normandy.cdn.mozilla.net
                                                                    		unknown
                                                                    		unknownfalse
                                                                      		high
                                                                      shavar.services.mozilla.com
                                                                      		unknown
                                                                      		unknownfalse
                                                                        		high
                                                                        apis.google.com
                                                                        		unknown
                                                                        		unknownfalse
                                                                          		high
                                                                          www.wikipedia.org
                                                                          		unknown
                                                                          		unknownfalse
                                                                            		high

                                                                            URLs from Memory and Binaries

                                                                            NameSourceMaliciousAntivirus DetectionReputation
                                                                            https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                              		high
                                                                              https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_lfirefox.exe, 00000002.00000003.1625733248.000002B00269B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8AC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2304136523.000001E2CE0C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://mozilla.org/#/properties/showImportAllfirefox.exe, 00000002.00000003.1633025987.000002B0044B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://detectportal.firefox.com/firefox.exe, 00000002.00000003.1615649118.000002B003387000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://mozilla.org/#/properties/trendingRequireSearchModefirefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://datastudio.google.com/embed/reporting/firefox.exe, 00000002.00000003.1204690450.000002B003223000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1762390809.000002B004DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1467590321.000002B004DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1782249724.000002B004DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1425132182.000002B004DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1342229951.000002B004DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1606087334.000002B004DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1547534132.000002B004DBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1323738309.000002B004DBE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://www.mozilla.com0firefox.exe, 00000002.00000003.1556614492.000002B0120E2000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.2.drfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://merino.services.mozilla.com/api/v1/suggestfirefox.exe, 00000003.00000002.2306452313.0000017D24972000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8A81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2304136523.000001E2CE08F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://json-schema.org/draft/2019-09/schema.firefox.exe, 00000002.00000003.1256044109.000002B00518E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protectfirefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://www.leboncoin.fr/firefox.exe, 00000002.00000003.1401619784.000002B00C6D6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://mozilla.org/#/properties/disableGreaseOnFallbackfirefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://github.com/w3c/csswg-drafts/issues/4650intl.menuitems.alwaysappendaccesskeysenv.versionfirefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://spocs.getpocket.com/spocsfirefox.exe, 00000002.00000003.1170358491.000002B00D428000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://screenshots.firefox.comfirefox.exe, 00000002.00000003.1330051836.000002B07DEEF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://mozilla.org/#/properties/insecureFallbackfirefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://mathiasbynens.be/notes/javascript-escapes#singlefirefox.exe, 00000002.00000003.1576933099.000002B00380E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            		unknown
                                                                                                            https://shavar.services.mozilla.comfirefox.exe, 00000002.00000003.1299312071.000002B00D9DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1250076895.000002B00D9DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1349822266.000002B00D9DB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://completion.amazon.com/search/complete?q=firefox.exe, 00000002.00000003.1110516679.000002B002100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1110750862.000002B002505000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-reportfirefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://ads.stickyadstv.com/firefox-etpfirefox.exe, 00000002.00000003.1616478656.000002B003334000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1611493002.000002B00345A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://identity.mozilla.com/ids/ecosystem_telemetryUfirefox.exe, 00000002.00000003.1394349245.000002B0129BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		unknown
                                                                                                                    http://mozilla.org/#/properties/greasePaddingSizefirefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://addons.mozilla.org/en-US/firefox/collections/4757633/25c2b44583534b3fa8fea977c419cd/?page=1&firefox.exe, 00000002.00000003.1450943331.000002B00386F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tabfirefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://monitor.firefox.com/breach-details/firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://mozilla.org/#/properties/richSuggestionsFeatureGatefirefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://getpocket.com/firefox/new_tab_learn_morehome-prefs-recommended-by-learn-moreimprovesearch.hafirefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://github.com/w3c/csswg-drafts/issues/4650firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1323088264.000002B00CB6B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEMfirefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://xhr.spec.whatwg.org/#sync-warningfirefox.exe, 00000002.00000003.1354498882.000002B00D3A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    		unknown
                                                                                                                                    https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/74f06853-c80d-4afc-9b2firefox.exe, 00000002.00000003.1450943331.000002B00386F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://www.amazon.com/exec/obidos/external-search/firefox.exe, 00000002.00000003.1618661159.000002B00309D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1238702845.000002B003A50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1789219368.000002B00309D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1110516679.000002B002100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1110750862.000002B002505000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://profiler.firefox.com/firefox.exe, 00000002.00000003.1248591690.000002B07DEB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        		unknown
                                                                                                                                        https://www.msn.comfirefox.exe, 00000002.00000003.1422453526.000002B005D0D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://mozilla.org/#/properties/quickSuggestSponsoredEnabledfirefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/JSON.parse:firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_39e4b8f6fd6635158ad433436bdaa069841cfdf8e1989e03firefox.exe, 00000002.00000003.1295274684.000002B07DDB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1536420312.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1477881867.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1521733644.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1331930616.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000002.2306452313.0000017D249C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8AF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2316030452.000001E2CE204000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.2.drfalse
                                                                                                                                                		high
                                                                                                                                                http://mozilla.org/0firefox.exe, 00000002.00000003.1529863947.000002FF0B003000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://github.com/mozilla-services/screenshotsfirefox.exe, 00000002.00000003.1110516679.000002B002100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1110750862.000002B002505000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://exslt.org/setsfirefox.exe, 00000002.00000003.1347939383.000002B07DDA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1295274684.000002B07DD8A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://content-signature-2.cdn.mozilla.net/firefox.exe, 00000002.00000003.1301656448.000002B00D753000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://json-schema.org/draft/2020-12/schema/=firefox.exe, 00000002.00000003.1256044109.000002B00518E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://bugzilla.mozilla.org/show_bug.cgi?id=1539075.module--carousel__leftfirefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://mozilla.org/0Cfirefox.exe, 00000002.00000003.1598483494.000037F9F8903000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://mozilla.org/#/properties/quickSuggestSponsoredIndexfirefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=htfirefox.exe, 00000002.00000003.1355799913.000002B00D0B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://api.accounts.firefox.com/v1firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://exslt.org/commonfirefox.exe, 00000002.00000003.1347939383.000002B07DDA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1295274684.000002B07DD8A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://www.amazon.com/firefox.exe, 00000002.00000003.1256044109.000002B005185000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://fpn.firefox.comfirefox.exe, 00000002.00000003.1330051836.000002B07DEEF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://exslt.org/dates-and-timesfirefox.exe, 00000002.00000003.1348286761.000002B07DD81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1295274684.000002B07DD81000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                                      		unknown
                                                                                                                                                                                      http://ocsp.rootca1.amazontrust.com0:firefox.exe, 00000002.00000003.1168671028.000002B0034B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696581201119.12791&key=1696581201400600firefox.exe, 00000002.00000003.1295274684.000002B07DDB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1536420312.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1477881867.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000003.00000002.2306452313.0000017D249C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8AF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2316030452.000001E2CE204000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.2.drfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          http://www.symauth.com/cps0(7zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://www.youtube.com/firefox.exe, 00000002.00000003.1256044109.000002B005185000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8A03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2304136523.000001E2CE00C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://MD8.mozilla.org/1/mfirefox.exe, 00000002.00000003.1427853632.000002B0047AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/mr2022-upgrade-onboarding-pin-private-firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696581201119.12791&key=16965812014firefox.exe, 00000002.00000003.1521733644.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1331930616.000002B07DDC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://www.bbc.co.uk/firefox.exe, 00000002.00000003.1401619784.000002B00C6D6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1308206053.000002B00CBAE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000002.00000003.1395655649.000002B00D04D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8AC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2304136523.000001E2CE0C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            http://127.0.0.1:firefox.exe, 00000002.00000003.1626824235.000002B00265B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1539009733.000002B005D9C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1539009733.000002B005DA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1170358491.000002B00D428000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 00000002.00000003.1244666330.000002B00C8CE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 00000002.00000003.1225204761.000002B003848000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                                                		unknown
                                                                                                                                                                                                                https://bugzilla.mofirefox.exe, 00000002.00000003.1259435209.000002B003EC2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  https://mitmdetection.services.mozilla.com/firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    http://www.symauth.com/rpa007zG.exe, 0000000C.00000003.1281677125.000001DF932F0000.00000004.00000800.00020000.00000000.sdmp, sniatsr.exe.12.drfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 00000002.00000003.1611493002.000002B00345A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        https://shavar.services.mozilla.com/firefox.exe, 00000002.00000003.1259435209.000002B003EC2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                          http://mozilla.org/#/properties/h3GreaseEnabledfirefox.exe, 00000002.00000003.1633178303.000002B0044AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                            https://spocs.getpocket.com/firefox.exe, 00000002.00000003.1405333529.000002B005D1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1401222678.000002B00C97D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.2306887525.00000241D8A12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2304136523.000001E2CE013000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                              https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                                  http://mozilla.org/#/properties/recordNavigationalSuggestionTelemetryfirefox.exe, 00000002.00000003.1633284579.000002B0044A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                                    https://www.iqiyi.com/firefox.exe, 00000002.00000003.1401619784.000002B00C6D6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                                      https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                                        https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 00000002.00000003.1145954038.000002B004461000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1323088264.000002B00CB6B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                                              http://mozilla.org/#/properties/booleanfirefox.exe, 00000002.00000003.1633025987.000002B0044B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                                http://a9.com/-/spec/opensearch/1.0/firefox.exe, 00000002.00000003.1615649118.000002B00335D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                                                                                		unknown
                                                                                                                                                                                                                                                https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                                                  http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 00000002.00000003.1400100720.000002B00C99E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                                                                  https://normandy.cdn.mozilla.netfirefox.exe, 00000002.00000003.1789393434.000002B003070000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1619345551.000002B003070000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                                                    https://monitor.firefox.com/user/dashboardfirefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                                                      https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                                                        https://monitor.firefox.com/aboutfirefox.exe, 00000010.00000002.2299230512.000001E2CDEB0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                                                          http://mozilla.org/MPL/2.0/.firefox.exe, 00000002.00000003.1251569611.000002B005CDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1539320376.000002B005CF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1225204761.000002B003851000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1191553670.000002B00C8AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1546707122.000002B004FD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1465382257.000002B004FD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1257252095.000002B004FA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1189852705.000002B003B8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1441110436.000002B0027F1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1410726084.000002B004FA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1258015409.000002B004E41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1440281815.000002B002BB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1190044445.000002B003B83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1396072690.000002B00CFD4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1225204761.000002B003839000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1111120260.000002B0025DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1193674460.000002B003BED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1311961724.000002B004FA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1340464255.000002B004E4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1251569611.000002B005CF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1461690543.000002B005CF3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                                                            https://account.bellmedia.cfirefox.exe, 00000002.00000003.1422453526.000002B005D0D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                                                              https://www.openh264.org/firefox.exe, 00000002.00000003.1248591690.000002B07DEE9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                                                https://login.microsoftonline.comfirefox.exe, 00000002.00000003.1258015409.000002B004E55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.1309031519.000002B00CB92000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                  		high

                                                                                                                                                                                                                                                                  World Map of Contacted IPs

                                                                                                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                                                  • 75% < No. of IPs

                                                                                                                                                                                                                                                                  Public IPs

                                                                                                                                                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                                                  151.101.129.91
                                                                                                                                                                                                                                                                  		services.addons.mozilla.orgUnited States
                                                                                                                                                                                                                                                                  		54113FASTLYUSfalse
                                                                                                                                                                                                                                                                  34.49.51.44
                                                                                                                                                                                                                                                                  		normandy.tombstone.experimenter.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                  		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                                                                                  34.117.188.166
                                                                                                                                                                                                                                                                  		contile.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                  		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                                                                                                                  142.250.184.206
                                                                                                                                                                                                                                                                  		unknownUnited States
                                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                  34.120.208.123
                                                                                                                                                                                                                                                                  		telemetry-incoming.r53-2.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                  142.250.184.196
                                                                                                                                                                                                                                                                  		www.google.comUnited States
                                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                  142.250.186.78
                                                                                                                                                                                                                                                                  		play.google.comUnited States
                                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                  172.217.16.206
                                                                                                                                                                                                                                                                  		plus.l.google.comUnited States
                                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                  2.22.61.56
                                                                                                                                                                                                                                                                  		a19.dscg10.akamai.netEuropean Union
                                                                                                                                                                                                                                                                  		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                                                                  34.149.100.209
                                                                                                                                                                                                                                                                  		prod.remote-settings.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                  		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                                                                                  34.107.243.93
                                                                                                                                                                                                                                                                  		push.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                  34.107.221.82
                                                                                                                                                                                                                                                                  		prod.detectportal.prod.cloudops.mozgcp.netUnited States
                                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                  44.227.2.166
                                                                                                                                                                                                                                                                  		shavar.prod.mozaws.netUnited States
                                                                                                                                                                                                                                                                  		16509AMAZON-02USfalse
                                                                                                                                                                                                                                                                  35.244.181.201
                                                                                                                                                                                                                                                                  		prod.balrog.prod.cloudops.mozgcp.netUnited States
                                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                  35.190.72.216
                                                                                                                                                                                                                                                                  		prod.classify-client.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                  34.160.144.191
                                                                                                                                                                                                                                                                  		prod.content-signature-chains.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                  		2686ATGS-MMD-ASUSfalse

                                                                                                                                                                                                                                                                  Private

                                                                                                                                                                                                                                                                  IP
                                                                                                                                                                                                                                                                  192.168.2.16
                                                                                                                                                                                                                                                                  127.0.0.1

                                                                                                                                                                                                                                                                  General Information

                                                                                                                                                                                                                                                                  Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                                                                                  Analysis ID:1640819
                                                                                                                                                                                                                                                                  Start date and time:2025-03-17 18:58:28 +01:00
                                                                                                                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                                                  Overall analysis duration:0h 6m 28s
                                                                                                                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                                                  Report type:full
                                                                                                                                                                                                                                                                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                                                  Number of analysed new started processes analysed:31
                                                                                                                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                                                                                                                  Number of injected processes analysed:1
                                                                                                                                                                                                                                                                  Technologies:
                                                                                                                                                                                                                                                                  • HCA enabled
                                                                                                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                                                                                                  Sample name:sniatsr.zip
                                                                                                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                                                                                                  Classification:mal48.winZIP@39/45@87/18
                                                                                                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                                                                                                  • Successful, ratio: 25%
                                                                                                                                                                                                                                                                  HCA Information:
                                                                                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                                                                                  • Number of executed functions: 3
                                                                                                                                                                                                                                                                  • Number of non-executed functions: 1
                                                                                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                                                                                  • Found application associated with file extension: .zip

                                                                                                                                                                                                                                                                  Warnings

                                                                                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 142.250.186.131, 142.251.168.84, 142.250.184.227, 199.232.210.172, 172.217.23.106, 142.250.184.202, 142.250.185.170, 142.250.186.138, 142.250.185.106, 142.250.186.106, 172.217.18.10, 142.250.185.74, 142.250.185.202, 216.58.212.138, 142.250.185.234, 216.58.206.74, 142.250.186.170, 142.250.185.138, 172.217.18.106, 142.250.184.234, 142.250.181.234, 172.217.16.195, 142.250.181.227, 142.250.185.78, 142.250.185.238, 142.250.186.142, 142.250.185.206, 142.250.185.174, 142.250.74.206, 216.58.206.78, 172.217.18.110, 142.250.186.174, 216.58.206.46, 142.250.185.110, 216.58.212.142, 172.217.16.142, 4.245.163.56, 23.60.203.209, 2.23.227.208, 20.42.65.90, 204.79.197.222, 13.107.6.254, 13.107.138.254, 20.190.160.4, 2.19.96.66
                                                                                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): fp.msedge.net, ciscobinary.openh264.org, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, clientservices.googleapis.com, aus5.mozilla.org, b-ring.msedge.net, spo-ring.msedge.net, clients2.google.com, redirector.gvt1.com, login.live.com, update.googleapis.com, safebrowsing.googleapis.com, www.gstatic.com, c.pki.goog, www.bing.com, clients1.google.com, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com, t-ring-fdv2.msedge.net, ogads-pa.googleapis.com, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com, browser.pipe.aria.microsoft.com, location.services.mozilla.com
                                                                                                                                                                                                                                                                  • Execution Graph export aborted for target firefox.exe, PID 6404 because there are no executed function
                                                                                                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                                                                                                  Simulations

                                                                                                                                                                                                                                                                  Behavior and APIs

                                                                                                                                                                                                                                                                  TimeTypeDescription
                                                                                                                                                                                                                                                                  13:59:13API Interceptor1x Sleep call for process: firefox.exe modified

                                                                                                                                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                                                                                                                                  IPs

                                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                  34.49.51.44random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                    random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                      VirusShare_661c60ba6e4e5e7864714aed6cda9d55.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        http://pixcams.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          https://dub.sh/CBJeBrPGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                              random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                  random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                    random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                      34.117.188.166Andrej Simulator X.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                        random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                            VirusShare_661c60ba6e4e5e7864714aed6cda9d55.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                              AaxpYFDQ32.exeGet hashmaliciousAmadey, Credential Flusher, GCleaner, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                LtCPevm69G.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Poverty Stealer, PureLog Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                  random.exeGet hashmaliciousAmadey, Credential Flusher, GCleaner, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                    http://mail.aestheticfina.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                      REMITTANCE DETAILS....xlsxGet hashmaliciousHTMLPhisher, Invisible JSBrowse
                                                                                                                                                                                                                                                                                                        F2024065877 (1).htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                          2.22.61.56random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                          • ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                                                                                                                                                                                                                                                                                                          http://pixcams.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                          • ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                          • ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                                                                                                                                                                                                                                                                                                          http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                          • ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip
                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                          • ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                          • ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                          • ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                          • ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                          • ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                                                                                                                                                                                                                                                                                                          151.101.129.91random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                            https://auth.microsites.m-atelier.cz/redir?url=https://telegra.ph/Charlotte-Reeves-03-13&data=05%7C02%7Cteat@test.com%7Cf85134ec55e24fa0741708dd623d50ea%7C22def1f7e945453d836bda7282c42443%7C0%7C0%7C638774737677482831%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ==%7C0%7C%7C%7C&sdata=AFWlQKGCYsB3szoYr99UdtJsHEuv5b0KPmvHih+dvhk=&reserved=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                              https://9b861c16-89be-495d-af06-94ec1b71b5cd-00-3shcaiuf2cafc.worf.replit.dev/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                http://account.hrblock.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                  VirusShare_661c60ba6e4e5e7864714aed6cda9d55.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                    http://www.creditsafe.com/us/en.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                      http://mail.aestheticfina.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                        https://pixcams.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          http://uamotyevd.giftrend.click/index.php?search=4&d155157&gjzla=302-2094&lm=1652441IFAP403&sd=9&page=WrLaWzz2HzKyHSpGet hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                                                                                            https://docs.google.com/presentation/d/e/2PACX-1vSD3xRufJnO_BfDj9K5us0EOxJ5Ucd5eKFcymNDbUl3yssUv-r9zr-8ZT_7mbdEC2j7QbP4plEl8AAV/pub?start=false&loop=false&delayms=3000Get hashmaliciousUnknownBrowse

                                                                                                                                                                                                                                                                                                                              Domains

                                                                                                                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                              beacons-handoff.gcp.gvt2.comhttps://www.languagesim.com/interpretationterms/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 142.250.181.227
                                                                                                                                                                                                                                                                                                                              https://www.languagesim.com/interpretationterms/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 142.250.180.99
                                                                                                                                                                                                                                                                                                                              http://mycoitracking.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 142.250.185.195
                                                                                                                                                                                                                                                                                                                              https://www.create.xyz/share/6325b98f-b30d-47ba-9023-722ed2e51a09Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 142.251.143.67
                                                                                                                                                                                                                                                                                                                              https://storage.googleapis.com/dfh7d89fh7df4j65djf4g65j4s6fg7j/031.html#LAst01.html?syb=1x167d493f46630a_vl_b2d.ja6t63xhxq8-0bmkl2j.54qf18g.BOwWGLPM3hoeHE4LTBibWtsMmo0u6NviGet hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                                                                                              • 142.251.143.35
                                                                                                                                                                                                                                                                                                                              https://drive.google.com/open?id=1f0VA7DcPO7azS3NFF2G0qkmrTl_7PW0xGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 142.250.180.67
                                                                                                                                                                                                                                                                                                                              https://u50430826.ct.sendgrid.net/ls/click?upn=u001.ti8ieZl2nrno9-2FHO6mcOPlNj6bCOJj0Ry4ZoAvHo7MRwQrg1VJTS2EcW6CwZ1UBz02AKUneHxnBTh056U-2FtbO1spU5WbeLMuaksZRbYXitF8p-2FYpvSNQYJ7Jmi-2FFNJNCKtlzT7SWIq0x-2BvACymLs4JXSf3CffvYfb47kT9ZdjGM-3D7Fiq_jwEsnDw4GmrvhJ1keAQUZlF8n8WRn-2Bb6GYZTmhnJgbhBW97RUmpNnG-2FbRP82MDgBOWq6nR1z2RvtqnhmiUcyU-2FS-2FM0Sy2BV-2B5wInRl1tbVzfNqjK2TrYG8ZDuCDHnnHGvWPIBiaoHTCSBWtYS-2F3sMe3XOXMop3nXdKxV1-2Fth0SFRhujEy7lk8Nt3dgsDkgODnuAmnrAji3nhD1xeOQ7LaDsmN3d7xk3OnN3k6uOEuqzb5j2tkE9YUHeS-2Bp-2F-2FjLHQItg059XnBNN1OWZAjAQQsQFZstpVtv9DkxVg27nNSbrc27jQRPjqADikXomDs0u9nqjjrv3j3FqzF4-2B2CtxHtTYn8gc6v2A0sl8G-2B3fbbw2oXJ9gostlmcoP5xl5KslIZF3fgHSnmLLseF5dXSfqpAzatAWVwDEVvxpDsO-2Bx9OvvK8x5UkGLqmPrwjUTMFZ1Gxe9eTN-2FDXI6qycqufXfOffYmiR6cbYY4ziWxp-2BvvNphWFfWEBFsyrIVvw7TFuzIuKR3AyTz4S62GaHdmBzxg5K4C0THNlgxgfKyrIB38Av2VEJaaIn8lKq5wfFCQ35bwxRBGlruMdDsZMUScgqNXgiDwWe27odFmqjeEDhLMdYoR6iXDzifDQor5nWOJZ9-2FjI3tOXy7nHx9ki7KJZF5-2Bf9jfOuCCbEwndKQ-2F34ls-2Bo8vHb3lpPrJcROEFO3ayAbf-2BCWoLBAJe5mmqmGUJEu72Wf6roc2RumR2g4aWRFP36lK6TryH0-2BHIXwxkz-2FidzjbrtSMJkpiEE1Ps4UYBUXhoa0uMmH3FhRXTj9EAFMxlydbeOdiJmqr4Irv2PXCXSK4Y40EX-2B4Fs848VbXr0KHAHxMK3nc3KontyHsb-2FzHGDcKLKu2F51XHe302f6CLETDGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 142.251.143.35
                                                                                                                                                                                                                                                                                                                              http://onestart.aiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 142.251.143.35
                                                                                                                                                                                                                                                                                                                              https://app.eraser.io/workspace/32c12MLUJSCjts5wfE3E?origin=shareGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                              • 142.250.186.99
                                                                                                                                                                                                                                                                                                                              https://www.e4e-soluciones.com/blog-eficiencia-energetica/potencia-a-contratar-para-un-ascensorGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 142.250.186.35
                                                                                                                                                                                                                                                                                                                              example.orgAndrej Simulator X.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 23.215.0.133
                                                                                                                                                                                                                                                                                                                              random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                              • 96.7.128.186
                                                                                                                                                                                                                                                                                                                              random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                              • 96.7.128.192
                                                                                                                                                                                                                                                                                                                              VirusShare_661c60ba6e4e5e7864714aed6cda9d55.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 23.215.0.132
                                                                                                                                                                                                                                                                                                                              AaxpYFDQ32.exeGet hashmaliciousAmadey, Credential Flusher, GCleaner, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                              • 96.7.128.192
                                                                                                                                                                                                                                                                                                                              am_no.batGet hashmaliciousAmadey, Credential Flusher, Healer AV Disabler, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                              • 23.215.0.132
                                                                                                                                                                                                                                                                                                                              LtCPevm69G.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Poverty Stealer, PureLog Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                              • 96.7.128.186
                                                                                                                                                                                                                                                                                                                              5c9465cda4.exeGet hashmaliciousAmadey, GCleaner, LiteHTTP Bot, LummaC Stealer, Mint Stealer, PureLog Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                              • 96.7.128.186
                                                                                                                                                                                                                                                                                                                              random.exeGet hashmaliciousAmadey, Credential Flusher, GCleaner, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                              • 96.7.128.192
                                                                                                                                                                                                                                                                                                                              http://pixcams.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 96.7.128.192
                                                                                                                                                                                                                                                                                                                              services.addons.mozilla.orgrandom.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                              • 151.101.129.91
                                                                                                                                                                                                                                                                                                                              random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                              • 151.101.193.91
                                                                                                                                                                                                                                                                                                                              VirusShare_661c60ba6e4e5e7864714aed6cda9d55.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 151.101.129.91
                                                                                                                                                                                                                                                                                                                              https://dub.sh/CBJeBrPGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 151.101.129.91
                                                                                                                                                                                                                                                                                                                              random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                              • 151.101.129.91
                                                                                                                                                                                                                                                                                                                              random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                              • 151.101.65.91
                                                                                                                                                                                                                                                                                                                              random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                              • 151.101.193.91
                                                                                                                                                                                                                                                                                                                              random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                              • 151.101.1.91
                                                                                                                                                                                                                                                                                                                              https://steamecomrmunity.com/s/10423910953Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 151.101.65.91
                                                                                                                                                                                                                                                                                                                              https://drive.google.com/file/d/1FVDnmU54G6_GaADSmojqRgpCVK0Y1U9s/view?usp=sharingGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                              • 151.101.1.91

                                                                                                                                                                                                                                                                                                                              ASNs

                                                                                                                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                              GOOGLE-AS-APGoogleAsiaPacificPteLtdSGAndrej Simulator X.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 34.117.188.166
                                                                                                                                                                                                                                                                                                                              SpotifyStartupTask.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                                                                                                              • 34.117.59.81
                                                                                                                                                                                                                                                                                                                              Crack2025.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                                                                                                              • 34.117.59.81
                                                                                                                                                                                                                                                                                                                              ImageG.exeGet hashmaliciousNovaSentinelBrowse
                                                                                                                                                                                                                                                                                                                              • 34.117.59.81
                                                                                                                                                                                                                                                                                                                              ImageG.exeGet hashmaliciousNovaSentinelBrowse
                                                                                                                                                                                                                                                                                                                              • 34.117.59.81
                                                                                                                                                                                                                                                                                                                              Build.exeGet hashmaliciousStormKittyBrowse
                                                                                                                                                                                                                                                                                                                              • 34.117.59.81
                                                                                                                                                                                                                                                                                                                              random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                              • 34.117.188.166
                                                                                                                                                                                                                                                                                                                              random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                              • 34.117.188.166
                                                                                                                                                                                                                                                                                                                              KKveTTgaAAsecNNaaaa.spc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 34.117.111.68
                                                                                                                                                                                                                                                                                                                              KKveTTgaAAsecNNaaaa.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                              • 34.65.20.104
                                                                                                                                                                                                                                                                                                                              ATGS-MMD-ASUShttps://app.eraser.io/workspace/32c12MLUJSCjts5wfE3E?origin=shareGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                              • 34.8.177.196
                                                                                                                                                                                                                                                                                                                              hgfs.ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 32.253.30.252
                                                                                                                                                                                                                                                                                                                              hgfs.arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 57.140.210.119
                                                                                                                                                                                                                                                                                                                              hgfs.mpsl.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 51.130.145.56
                                                                                                                                                                                                                                                                                                                              hgfs.arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 48.167.245.171
                                                                                                                                                                                                                                                                                                                              hgfs.mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 57.193.173.85
                                                                                                                                                                                                                                                                                                                              hgfs.ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 32.61.231.221
                                                                                                                                                                                                                                                                                                                              hgfs.ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 57.139.89.92
                                                                                                                                                                                                                                                                                                                              arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                              • 48.91.143.202
                                                                                                                                                                                                                                                                                                                              hgfs.mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 51.114.236.198
                                                                                                                                                                                                                                                                                                                              AKAMAI-ASN1EUhttps://gamma.app/docs/LGBTQ-plus-Race-Ethnicity-Culture-and-Class-An-Intersectional-Con-w8f3vrxu51q7dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 88.221.110.26
                                                                                                                                                                                                                                                                                                                              https://click.selectiveasia.com/l391pk/vx4w8gZPGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 2.16.100.106
                                                                                                                                                                                                                                                                                                                              VM(Carmen)52177372.mp4.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                              • 95.101.182.112
                                                                                                                                                                                                                                                                                                                              phish_alert_iocp_v1.4.48 - 2025-03-17T084047.721.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 2.22.61.153
                                                                                                                                                                                                                                                                                                                              https://forms.office.com/e/CzYzGKsuJ0h0Qz9CdMLPYe0NavsKbyZ12uW0kP6Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                              • 2.22.242.120
                                                                                                                                                                                                                                                                                                                              Wpb00990__098.htmlGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                                                                                                                                                                                                              • 95.101.182.112
                                                                                                                                                                                                                                                                                                                              http://mycoitracking.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 104.115.82.25
                                                                                                                                                                                                                                                                                                                              https://docs.faxcloudstorage.de/uTN1QGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                              • 95.101.182.112
                                                                                                                                                                                                                                                                                                                              https://docs.faxcloudstorage.de/uTN1QGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                              • 95.101.182.112
                                                                                                                                                                                                                                                                                                                              0131.mp4.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 72.247.154.152
                                                                                                                                                                                                                                                                                                                              FASTLYUS1099-NEC.pdfGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                                                              • 151.101.1.229
                                                                                                                                                                                                                                                                                                                              http://email.shop2.wonderpark.my/c/eJwUyk1uhSAQAODTwJIM8wPzFiy68R4KYzX1iRHTprdvuv9aiRbTDN5KzIyIokp-K7YirKlWzVWAeRFKVVflF5OpSvJ7QUABijkKKVBgihmqGWBeYGnsGMbWLww__Wx2X_P9Fd6__ijb81zD0YfDyeFk80tZKK9iUJtASjaTNA2LnWO_eqj97XDyd7EWtv45n6OfjqHeNp5jP23rjx3jn_nvgn8BAAD__y9yPWoGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                                                                                                                                                                                                              • 151.101.66.137
                                                                                                                                                                                                                                                                                                                              2450856955_.svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                                                                                                                                                                                                              • 151.101.130.137
                                                                                                                                                                                                                                                                                                                              1099-NEC.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 199.232.210.172
                                                                                                                                                                                                                                                                                                                              https://www.languagesim.com/interpretationterms/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 151.101.2.137
                                                                                                                                                                                                                                                                                                                              https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhGNZUddqwhjRz7Y3aH-2F1iEXujVcSjMM7CY7q30axNIjPtSPwVANtpwkARse71YbTG6hv5YyKcZ3EG9czO3tuqWXIHvFV-2FdtzTRYY9DFBEvbC0MnWDkjPffSjdhbZvMXBG-2Fbl-2F1JQalpy10ZBTpuDmJw8qtDG1RR-2FO-2Bzqy6Ryg-2BIXW6P-2FRmEE7JdIRaCncCouVLTVsWciZPEjkoHD7BDf7qzUctKE-2Fuov9RtCNiCQmJmwXCDa5dDgefQoLRKRDmR4vQ-3D-3DKnfO_4-2BCeSnTfNElQaOz0iIYXcY63TczAP34ghOtoTraLSwoOLAyQYuLOf75Ty99J50dacfCtsIK1GZvxQM45z1qBFZ9wseL0KuFhELugADtC7G-2Bvzzdi1qvZkAsCG7tQfhZagkro3woJV3MTqoQy1rs8sT0Ut5uYpsrniDcVKn6MJEnCWRsblRYyJRkv-2BYtQV-2BKUm1WYOzDqDkYxny3kQFWCbISNT8xpoE2o-2BIn1-2FK5Ue8M-3DGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                                                                                                                                                                                                                                                                                              • 185.199.108.133
                                                                                                                                                                                                                                                                                                                              https://www.languagesim.com/interpretationterms/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 151.101.2.137
                                                                                                                                                                                                                                                                                                                              https://click.selectiveasia.com/l391pk/vx4w8gZPGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 151.101.2.137
                                                                                                                                                                                                                                                                                                                              VM(Carmen)52177372.mp4.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                              • 151.101.130.137
                                                                                                                                                                                                                                                                                                                              https://forms.office.com/e/CzYzGKsuJ0h0Qz9CdMLPYe0NavsKbyZ12uW0kP6Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                              • 151.101.193.181

                                                                                                                                                                                                                                                                                                                              JA3 Fingerprints

                                                                                                                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                              fb0aa01abe9d8e4037eb3473ca6e2dcaAndrej Simulator X.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 35.244.181.201
                                                                                                                                                                                                                                                                                                                              • 34.149.100.209
                                                                                                                                                                                                                                                                                                                              • 34.160.144.191
                                                                                                                                                                                                                                                                                                                              • 151.101.129.91
                                                                                                                                                                                                                                                                                                                              • 34.120.208.123
                                                                                                                                                                                                                                                                                                                              random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                              • 35.244.181.201
                                                                                                                                                                                                                                                                                                                              • 34.149.100.209
                                                                                                                                                                                                                                                                                                                              • 34.160.144.191
                                                                                                                                                                                                                                                                                                                              • 151.101.129.91
                                                                                                                                                                                                                                                                                                                              • 34.120.208.123
                                                                                                                                                                                                                                                                                                                              random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                              • 35.244.181.201
                                                                                                                                                                                                                                                                                                                              • 34.149.100.209
                                                                                                                                                                                                                                                                                                                              • 34.160.144.191
                                                                                                                                                                                                                                                                                                                              • 151.101.129.91
                                                                                                                                                                                                                                                                                                                              • 34.120.208.123
                                                                                                                                                                                                                                                                                                                              Document25.xlsmGet hashmaliciousScreenConnect Tool, AsyncRAT, StormKitty, VenomRATBrowse
                                                                                                                                                                                                                                                                                                                              • 35.244.181.201
                                                                                                                                                                                                                                                                                                                              • 34.149.100.209
                                                                                                                                                                                                                                                                                                                              • 34.160.144.191
                                                                                                                                                                                                                                                                                                                              • 151.101.129.91
                                                                                                                                                                                                                                                                                                                              • 34.120.208.123
                                                                                                                                                                                                                                                                                                                              VirusShare_661c60ba6e4e5e7864714aed6cda9d55.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 35.244.181.201
                                                                                                                                                                                                                                                                                                                              • 34.149.100.209
                                                                                                                                                                                                                                                                                                                              • 34.160.144.191
                                                                                                                                                                                                                                                                                                                              • 151.101.129.91
                                                                                                                                                                                                                                                                                                                              • 34.120.208.123
                                                                                                                                                                                                                                                                                                                              AaxpYFDQ32.exeGet hashmaliciousAmadey, Credential Flusher, GCleaner, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                              • 35.244.181.201
                                                                                                                                                                                                                                                                                                                              • 34.149.100.209
                                                                                                                                                                                                                                                                                                                              • 34.160.144.191
                                                                                                                                                                                                                                                                                                                              • 151.101.129.91
                                                                                                                                                                                                                                                                                                                              • 34.120.208.123
                                                                                                                                                                                                                                                                                                                              am_no.batGet hashmaliciousAmadey, Credential Flusher, Healer AV Disabler, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                              • 35.244.181.201
                                                                                                                                                                                                                                                                                                                              • 34.149.100.209
                                                                                                                                                                                                                                                                                                                              • 34.160.144.191
                                                                                                                                                                                                                                                                                                                              • 151.101.129.91
                                                                                                                                                                                                                                                                                                                              • 34.120.208.123
                                                                                                                                                                                                                                                                                                                              random.exeGet hashmaliciousAmadey, Credential Flusher, GCleaner, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                              • 35.244.181.201
                                                                                                                                                                                                                                                                                                                              • 34.149.100.209
                                                                                                                                                                                                                                                                                                                              • 34.160.144.191
                                                                                                                                                                                                                                                                                                                              • 151.101.129.91
                                                                                                                                                                                                                                                                                                                              • 34.120.208.123
                                                                                                                                                                                                                                                                                                                              http://pixcams.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 35.244.181.201
                                                                                                                                                                                                                                                                                                                              • 34.149.100.209
                                                                                                                                                                                                                                                                                                                              • 34.160.144.191
                                                                                                                                                                                                                                                                                                                              • 151.101.129.91
                                                                                                                                                                                                                                                                                                                              • 34.120.208.123
                                                                                                                                                                                                                                                                                                                              Ahnenblatt4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                              • 35.244.181.201
                                                                                                                                                                                                                                                                                                                              • 34.149.100.209
                                                                                                                                                                                                                                                                                                                              • 34.160.144.191
                                                                                                                                                                                                                                                                                                                              • 151.101.129.91
                                                                                                                                                                                                                                                                                                                              • 34.120.208.123

                                                                                                                                                                                                                                                                                                                              Dropped Files

                                                                                                                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmprandom.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  http://pixcams.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    https://dub.sh/CBJeBrPGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                      random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                            random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                              https://drive.google.com/file/d/1FVDnmU54G6_GaADSmojqRgpCVK0Y1U9s/view?usp=sharingGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                    random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                      http://pixcams.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                        https://dub.sh/CBJeBrPGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                            random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                              random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                random.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                  https://drive.google.com/file/d/1FVDnmU54G6_GaADSmojqRgpCVK0Y1U9s/view?usp=sharingGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                                                                                    random.exeGet hashmaliciousCredential FlusherBrowse

                                                                                                                                                                                                                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_84bfdb8a-0108-4619-a29b-28d47af64947.json (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):7813
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.179427113669337
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:192:iOLMXRNGtbhbVbTbfbRbObtbyEl7nSrlJA6UnSrDtTEd/S9V:iOwWtNhnzFSJyrgLnSrDhEd/+
                                                                                                                                                                                                                                                                                                                                                                      MD5:9BA6FE029C9D3FA57A65912F321AB7EE
                                                                                                                                                                                                                                                                                                                                                                      SHA1:068226C7A4E03FE8716DE154DF99B31111BD7CD6
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:C94E4577DA77A66119AA19305B877C6BBFBB4DFDB7E5F10475462536D732F832
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:CACEC9E8B99BF68CFF69256C6CB4B5A44860E61B874372BE9538D0C5E49D169BE9C9BCFFA7036C5571BDC5D1D59313D22D56B02D68A81DCD7CA876F6D96483BE
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"type":"uninstall","id":"84bfdb8a-0108-4619-a29b-28d47af64947","creationDate":"2025-03-17T19:30:58.673Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":4,"vendor":"GenuineIntel","name":"I

                                                                                                                                                                                                                                                                                                                                                                      C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_84bfdb8a-0108-4619-a29b-28d47af64947.json.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):7813
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.179427113669337
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:192:iOLMXRNGtbhbVbTbfbRbObtbyEl7nSrlJA6UnSrDtTEd/S9V:iOwWtNhnzFSJyrgLnSrDhEd/+
                                                                                                                                                                                                                                                                                                                                                                      MD5:9BA6FE029C9D3FA57A65912F321AB7EE
                                                                                                                                                                                                                                                                                                                                                                      SHA1:068226C7A4E03FE8716DE154DF99B31111BD7CD6
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:C94E4577DA77A66119AA19305B877C6BBFBB4DFDB7E5F10475462536D732F832
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:CACEC9E8B99BF68CFF69256C6CB4B5A44860E61B874372BE9538D0C5E49D169BE9C9BCFFA7036C5571BDC5D1D59313D22D56B02D68A81DCD7CA876F6D96483BE
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"type":"uninstall","id":"84bfdb8a-0108-4619-a29b-28d47af64947","creationDate":"2025-03-17T19:30:58.673Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":4,"vendor":"GenuineIntel","name":"I

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                                                                                                                      MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                                                                                                                      SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\tmpaddon

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):453023
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                                                                                                                                                                      MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                                                                                                                                                                      SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):3621
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.9311535763311864
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:YnSwkmrOIfPUFuOdwNIOdoWLEWLtkDB/u4x5FBvipA6kbSathfkLuhakNh9Gxeln:8S+OIfPUFuOdwNIOd8jvYR0uLuY8P
                                                                                                                                                                                                                                                                                                                                                                      MD5:4B7C728ED2DB645666A673199CCBCDD6
                                                                                                                                                                                                                                                                                                                                                                      SHA1:59FCFC383E73405011DA2B7CDEC692F249DDE5FE
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:4100EE817312B23B2907CA1F98723E8689A124B1412B6600E4C35F8A6D24CEA9
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:EAD8E11312785E221BF972B53A11E4EDBC13474B896F8C0273273B5ABB4EF4013A9873D27B6D9B8776EBC863E63FD06F7495F822408B17F795179122A57947E2
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"9c4f630b-d3dc-4236-9fe2-a1415309e4e4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-06T09:08:30.452Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):3621
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.9311535763311864
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:YnSwkmrOIfPUFuOdwNIOdoWLEWLtkDB/u4x5FBvipA6kbSathfkLuhakNh9Gxeln:8S+OIfPUFuOdwNIOd8jvYR0uLuY8P
                                                                                                                                                                                                                                                                                                                                                                      MD5:4B7C728ED2DB645666A673199CCBCDD6
                                                                                                                                                                                                                                                                                                                                                                      SHA1:59FCFC383E73405011DA2B7CDEC692F249DDE5FE
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:4100EE817312B23B2907CA1F98723E8689A124B1412B6600E4C35F8A6D24CEA9
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:EAD8E11312785E221BF972B53A11E4EDBC13474B896F8C0273273B5ABB4EF4013A9873D27B6D9B8776EBC863E63FD06F7495F822408B17F795179122A57947E2
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"9c4f630b-d3dc-4236-9fe2-a1415309e4e4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-06T09:08:30.452Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4 (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5312
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.615424734763731
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                                                                                                                                                                                                                                                                                                                                      MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                                                                                                                                                                                                                                                                                                                                      SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5312
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.615424734763731
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                                                                                                                                                                                                                                                                                                                                      MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                                                                                                                                                                                                                                                                                                                                      SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addons.json (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                      MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                      SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"schema":6,"addons":[]}

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addons.json.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                      MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                      SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"schema":6,"addons":[]}

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\content-prefs.sqlite

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                                      MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                                      SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4 (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                      MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                      SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                      MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                      SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.187080624303907
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:768:9I4ivfiXD4R6C444ylW47s48yilvs4/4ji4P4a4Bd4U:9i1AyQvP
                                                                                                                                                                                                                                                                                                                                                                      MD5:5774E6BEEB8C63A660A4C37E130F7D30
                                                                                                                                                                                                                                                                                                                                                                      SHA1:B3F7B89A4A143BA839593F6368822C5E7C0FE20D
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:E2C331AEE64E1D381A7D9E579E7EB7236AFDE83239780D18945DE3152602E610
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:2F16D11971091141224DFF45721E96E5617CCA12E6EC5AC037770D35251CEC28D8758929474424F01B2BBD6236EDBCE82CD2E20FECE3A95E5C0173E345979E47
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{45005050-3e88-41ad-8766-e52c88f37369}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.187080624303907
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:768:9I4ivfiXD4R6C444ylW47s48yilvs4/4ji4P4a4Bd4U:9i1AyQvP
                                                                                                                                                                                                                                                                                                                                                                      MD5:5774E6BEEB8C63A660A4C37E130F7D30
                                                                                                                                                                                                                                                                                                                                                                      SHA1:B3F7B89A4A143BA839593F6368822C5E7C0FE20D
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:E2C331AEE64E1D381A7D9E579E7EB7236AFDE83239780D18945DE3152602E610
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:2F16D11971091141224DFF45721E96E5617CCA12E6EC5AC037770D35251CEC28D8758929474424F01B2BBD6236EDBCE82CD2E20FECE3A95E5C0173E345979E47
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{45005050-3e88-41ad-8766-e52c88f37369}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\favicons.sqlite-shm

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                                                                                      MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                                                                                      SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                                      MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                                      SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                                      • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                                      MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                                      SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                                      • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                                      MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                                      SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                                      MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                                      SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite-shm

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.035699946889726504
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:GtlstFCOV92cylstFCOV92cvT89//alEl:GtWtAEfyWtAEf789XuM
                                                                                                                                                                                                                                                                                                                                                                      MD5:C54F9D59EB86BF37358309A36C0B0259
                                                                                                                                                                                                                                                                                                                                                                      SHA1:02CBAD074BA41E08B7FB3B16E287AB190F955BC2
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:8D2689C24A3748B967E7B8A4FE8F6BDBF85A07AF334A083D39A48FEF0D7F86E1
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:3F440711E416E80923B159A54704836313A74EDA4C80168F4613C055AD39D74DF5305A95B3807F5EB846AE0DBF7678BA9D9D3FE18944737C8C1FEB3A1E8456CB
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:..-.......................e..W.................-.......................e..W.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite-wal

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):32824
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.03941935905130798
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:Ol1GqRtWalN8R1fLTl8rEXsxdwhml8XW3R2:KEvuSTl8dMhm93w
                                                                                                                                                                                                                                                                                                                                                                      MD5:D24FAA78A34ABBBE53F527122FC38536
                                                                                                                                                                                                                                                                                                                                                                      SHA1:4C095919AD785FCA94B106688E00B142DDD16750
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:C09AD055488FAD43EAE10F1768E7B02EA57379C87C26CFFC385A090EAC3C8246
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:3252E58DC010FB3EED8A29CEB00FED8AD433BAD880FE4F4AEA4562473F66E277F7E2F5EE531502D205C5DCA21FC49BEDF005A84A5E1577EA54FCF644E32A5A6D
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:7....-...................,..sr................e....W.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs-1.js

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):13227
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.484351622992965
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:192:9nGRvo1YYbBp66DLZwxhaXZ6+aCNGr5RuFNBw8ssSl:meLFwx5ZukEw20
                                                                                                                                                                                                                                                                                                                                                                      MD5:04FDE213023C21E5526EDCCE9611F37B
                                                                                                                                                                                                                                                                                                                                                                      SHA1:32ACA77B925542F97C7875774FA6ED799636874E
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:F83DB6658BCE3ED76AAFB42882FC49179DC07B7ABBB24EF8A76CDAEC0213BD11
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:ABC16C576ED5242D6C51DA252088D0439046499EC64592DA111935781F8B71CE7F2DEDD57A723D12CBB1B93972CEE2D693DB1B48FF038C90573C36BC932579A9
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "0dbf219f-4e18-464a-957c-ae336603cdcc");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.lastInstalledTaskVersion", 3);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1742239822);..user_pref("app.update.lastUpdateTime.background-update-timer", 1742239822);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1742239822);..user

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs.js (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):13227
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.484351622992965
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:192:9nGRvo1YYbBp66DLZwxhaXZ6+aCNGr5RuFNBw8ssSl:meLFwx5ZukEw20
                                                                                                                                                                                                                                                                                                                                                                      MD5:04FDE213023C21E5526EDCCE9611F37B
                                                                                                                                                                                                                                                                                                                                                                      SHA1:32ACA77B925542F97C7875774FA6ED799636874E
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:F83DB6658BCE3ED76AAFB42882FC49179DC07B7ABBB24EF8A76CDAEC0213BD11
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:ABC16C576ED5242D6C51DA252088D0439046499EC64592DA111935781F8B71CE7F2DEDD57A723D12CBB1B93972CEE2D693DB1B48FF038C90573C36BC932579A9
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "0dbf219f-4e18-464a-957c-ae336603cdcc");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.lastInstalledTaskVersion", 3);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1742239822);..user_pref("app.update.lastUpdateTime.background-update-timer", 1742239822);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1742239822);..user

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\protections.sqlite

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                                                                                                                                                                                                                                                                      MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                                                                                                                                                                                                                                                                      SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                      MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                      SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                      MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                      SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4 (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 5786 bytes
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1515
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.241963950330618
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:vYSUGlii4zUXGLXV+Hy62PHYB+mkDT5sQO/5WYBMwuH9C6eyhwI8DCQf9qvAk4eG:ApCvGgHyqB+mqY/54nx182ukzT8Goh
                                                                                                                                                                                                                                                                                                                                                                      MD5:F70F10001E9A07FDE6DD749D2C7B1911
                                                                                                                                                                                                                                                                                                                                                                      SHA1:17C710793ADE28C1EBB2EEAF3E42173B1A9F21BA
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:50465EA8E47DD4697C020D6561F763B80103BFC0D1D56AF5389BBAC5B482922F
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:C0934330D5CA063ACB1AE5DBD57A4CEFA0C416F9675EC4944AA8D4384141FDC7F15878A427A1B867E2C0F3016CBD2A0B530AD70419C7FE5ACB20D651F1768B28
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie...}url":"about:home","title":"New Tab","cacheKey":0,"ID":7,"docshellUUID":"{9bf5c20e-d9dd-43c6-b783-a20b651c3230}","resultPrincipalURI":null,"p....ToInherit_base64":"{\"0\":...\"moz-null4...:{1e435daa-84ca-457e-8c27-95d7ede59d0b}\"}}","hasUserInteractA...false,"triggeringP\.....3...E..6docIdentifier":8,"persist":true}],"lastAccessed":1742239813656,"hiddey..searchMode...userContextId|..attribut....{},"index":1,"requestedI..p0,"imag....chrome://branding/cU..nt/icon32.png"..aselect...,"_closedT5.@],"_...C....GroupCount":-1,"busy...r...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem...."minimized","workspace...."4378c673-0e80-4f61-9fd7-a34963b93441","z...1...W"..1..............U.1":{..jUpdate...9,"startTim..`791663...centCrash...0},"global..Dcook.. ho;..."addons.mozilla.org","valu.. 7cO.."9745a185df1b235fd3ecf9e918cb7cd2b41b705581b7355f5z.0d41;. pa..p"/","na..`"taarI..bsecure...,"httponly..fexpiry...

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 5786 bytes
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1515
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.241963950330618
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:vYSUGlii4zUXGLXV+Hy62PHYB+mkDT5sQO/5WYBMwuH9C6eyhwI8DCQf9qvAk4eG:ApCvGgHyqB+mqY/54nx182ukzT8Goh
                                                                                                                                                                                                                                                                                                                                                                      MD5:F70F10001E9A07FDE6DD749D2C7B1911
                                                                                                                                                                                                                                                                                                                                                                      SHA1:17C710793ADE28C1EBB2EEAF3E42173B1A9F21BA
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:50465EA8E47DD4697C020D6561F763B80103BFC0D1D56AF5389BBAC5B482922F
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:C0934330D5CA063ACB1AE5DBD57A4CEFA0C416F9675EC4944AA8D4384141FDC7F15878A427A1B867E2C0F3016CBD2A0B530AD70419C7FE5ACB20D651F1768B28
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie...}url":"about:home","title":"New Tab","cacheKey":0,"ID":7,"docshellUUID":"{9bf5c20e-d9dd-43c6-b783-a20b651c3230}","resultPrincipalURI":null,"p....ToInherit_base64":"{\"0\":...\"moz-null4...:{1e435daa-84ca-457e-8c27-95d7ede59d0b}\"}}","hasUserInteractA...false,"triggeringP\.....3...E..6docIdentifier":8,"persist":true}],"lastAccessed":1742239813656,"hiddey..searchMode...userContextId|..attribut....{},"index":1,"requestedI..p0,"imag....chrome://branding/cU..nt/icon32.png"..aselect...,"_closedT5.@],"_...C....GroupCount":-1,"busy...r...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem...."minimized","workspace...."4378c673-0e80-4f61-9fd7-a34963b93441","z...1...W"..1..............U.1":{..jUpdate...9,"startTim..`791663...centCrash...0},"global..Dcook.. ho;..."addons.mozilla.org","valu.. 7cO.."9745a185df1b235fd3ecf9e918cb7cd2b41b705581b7355f5z.0d41;. pa..p"/","na..`"taarI..bsecure...,"httponly..fexpiry...

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\targeting.snapshot.json (copy)

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.032181866540058
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:YrSAYDpUQZpExB1+anOdWtVheTV2hWUzzc89YMsku7f86SLAVL7Kl5FtsfAcbyJW:ycDdTEr59kUzzctvbw6KkqRrc2Rn27
                                                                                                                                                                                                                                                                                                                                                                      MD5:DE32EEE0558CD93E1B9AC1765017218D
                                                                                                                                                                                                                                                                                                                                                                      SHA1:7A8F3F983BD7EF100DA350A0B1A9090CF620ACA5
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:2E4D7DB523B37C8D079CDA16A3ACF706260A2C008DBBB2843D2D30E59A359E94
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:FC4F089EF0E35998095A3F9DD3EFF5F399D0C9FC9EEF32959916742EAD0357478241B331400030701F74DB916F068E98E37108B9D2A46DF646F1E325B57E04A2
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2025-03-17T19:30:13.128Z","profileAgeCreated":1696583300378,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\targeting.snapshot.json.tmp

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.032181866540058
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:48:YrSAYDpUQZpExB1+anOdWtVheTV2hWUzzc89YMsku7f86SLAVL7Kl5FtsfAcbyJW:ycDdTEr59kUzzctvbw6KkqRrc2Rn27
                                                                                                                                                                                                                                                                                                                                                                      MD5:DE32EEE0558CD93E1B9AC1765017218D
                                                                                                                                                                                                                                                                                                                                                                      SHA1:7A8F3F983BD7EF100DA350A0B1A9090CF620ACA5
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:2E4D7DB523B37C8D079CDA16A3ACF706260A2C008DBBB2843D2D30E59A359E94
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:FC4F089EF0E35998095A3F9DD3EFF5F399D0C9FC9EEF32959916742EAD0357478241B331400030701F74DB916F068E98E37108B9D2A46DF646F1E325B57E04A2
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2025-03-17T19:30:13.128Z","profileAgeCreated":1696583300378,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\Desktop\WWStartupCtrl64.dll

                                                                                                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\7-Zip\7zG.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1200640
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.525783996561104
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24576:zPggB469+54QUCygE/GUBgfVdLqyAN99+ct7q/JJGy:zPgI469o4X9GtddaYJr
                                                                                                                                                                                                                                                                                                                                                                      MD5:BBC26E8673301C50C7397A48F6190D50
                                                                                                                                                                                                                                                                                                                                                                      SHA1:D7BD95A3D7756F3366BDD068CB1AD345E0EAE31B
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:394743DD67EB018B02E069E915F64417BC1CD8B33E139B92240A8CF45CE10FCB
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:3DDD4A4808056451ED267D81FAD56B0ABC3A4A6D72ECF429969E05F34E729F4FB01869149C503FA20E417089695B9868CF8C83AB7759FF9728663B8915DB2CA5
                                                                                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 33%
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D..3..a`..a`..a`v:.`..a`o..`..a`...`..a`.:.`B.a`.:.`.a`.:.`..a`...`..a`...`..a`...`..a`..``..a`.:.`(.a`.:.`..a`.:.`..a`Rich..a`........PE..d... 6.W.........." .................6....................................................@.........................................@#..."......d............@.......................................................................................................text............................... ..`.rdata.............................@..@.data...P....P...d...:..............@....pdata.......@......................@..@.rsrc................0..............@..@.reloc........... ...2..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                      C:\Users\user\Desktop\sniatsr.exe