Windows Analysis Report
PDFSkills.zip

Overview

General Information

Sample name: PDFSkills.zip
Analysis ID: 1640975
MD5: 8e4262a59dc7af4c98ffa6e933619ef5
SHA1: dbf18f7d91b71bb3c959cc24d288bee1e205c66c
SHA256: 6a387a081bc25e1ec1b5ea2c25c5c2870d6da7346f227f55b5d52c66169551a3

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64_ra
  • rundll32.exe (PID: 6836 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • 7zG.exe (PID: 7136 cmdline: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\PDFSkills\" -spe -an -ai#7zMap31509:74:7zEvent32624 MD5: 50F289DF0C19484E970849AAC4E6F977)
  • chrome.exe (PID: 6376 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1928,i,15551878453831384445,17413725009215287088,262144 --variations-seed-version --mojo-platform-channel-handle=2104 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • firefox.exe (PID: 7216 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7236 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7440 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2240 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f144ade-7c74-4615-a20b-ce073e61fc42} 7236 "\\.\pipe\gecko-crash-server-pipe.7236" 237ac36d110 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8152 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3916 -parentBuildID 20230927232528 -prefsHandle 3352 -prefMapHandle 3984 -prefsLen 25481 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d71a661c-9e12-4709-829a-434f9a04f141} 7236 "\\.\pipe\gecko-crash-server-pipe.7236" 237be2de110 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7948 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5316 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5308 -prefMapHandle 5228 -prefsLen 33093 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6a6cdf3-7708-459f-b471-0e5883bc1412} 7236 "\\.\pipe\gecko-crash-server-pipe.7236" 237ca008b10 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cmd.exe (PID: 8108 cmdline: "C:\Windows\system32\cmd.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 8112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Uninstall.exe (PID: 5684 cmdline: Uninstall.exe MD5: 183D5DE46F38600D0AEBD4A3D7C6CF5F)
    • PDFSkillsApp.exe (PID: 4000 cmdline: PDFSkillsApp.exe MD5: E09DE6AC499EBF7CB11C6ED1721DCB04)
  • mspaint.exe (PID: 7036 cmdline: "C:\Windows\system32\mspaint.exe" "C:\Users\user\Desktop\PDFSkills\PDFSkills.Belongings.favicon.ico" MD5: F221A4CCAFEC690101C59F726C95B646)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exe, ReversingLabs: Detection: 33%
Source: C:\Users\user\Desktop\PDFSkills\Uninstall.exe, ReversingLabs: Detection: 33%
Source: C:\Windows\System32\conhost.exe, File opened: C:\Users\user
Source: C:\Windows\System32\conhost.exe, File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\conhost.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\conhost.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\System32\conhost.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\conhost.exe, File opened: C:\Users\user\AppData
Source: firefox.exe, Memory has grown: Private usage: 1MB later: 260MB
Source: unknown, Network traffic detected: DNS query count 38
Source: global traffic, TCP traffic: 192.168.2.16:59633 -> 162.159.36.2:53
Source: Joe Sandbox View, IP Address: 34.49.51.44
Source: Joe Sandbox View, IP Address: 34.117.188.166
Source: Joe Sandbox View, IP Address: 2.22.61.59
Source: Joe Sandbox View, JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View, JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 172.217.16.195
Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKLast-Modified: Wed, 12 Mar 2025 04:19:28 GMTETag: 85430baed3398695717b0263807cf97cContent-Length: 453023Accept-Ranges: bytesX-Timestamp: 1741753167.65917Content-Type: application/zipX-Trans-Id: tx8010bf916ad24497ab4a8-0067d34aa4dfw1Cache-Control: public, max-age=142256Expires: Wed, 19 Mar 2025 14:00:53 GMTDate: Mon, 17 Mar 2025 22:29:57 GMTConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLbgygE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8NP2y291iiPDmfAN0GV3dvCuqlYA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /time/1/current?cup2key=8:CUMj2GWSUQ4n_3ahsNwfkOxL_dF6WesT_FizD45QAdo&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1Host: clients2.google.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1Host: ciscobinary.openh264.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alive
Source: firefox.exe, 0000000F.00000003.1471100407.00000237C5DE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000F.00000003.1626448663.00000237BD2D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1954417809.00000237B83DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000F.00000003.1493313668.00000237C6628000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1488421693.00000237C9EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1508125298.00000237C6D68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000F.00000003.1493313668.00000237C6628000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1508481287.00000237C6D4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1385269768.00000237C5FCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000F.00000003.1615230747.00000237BE0FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1615230747.00000237BE088000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1489240878.00000237C9E98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000F.00000003.1607516082.00000237C6934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000F.00000003.1607516082.00000237C6934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000F.00000003.1493313668.00000237C6628000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1488421693.00000237C9EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1508125298.00000237C6D68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000F.00000003.1493313668.00000237C6628000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1508481287.00000237C6D4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1385269768.00000237C5FCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000019.00000002.2397306545.0000016E1AE0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000019.00000002.2397306545.0000016E1AE0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000019.00000002.2397306545.0000016E1AE0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000F.00000003.1560316368.00000237C5FD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1385269768.00000237C5FCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1760996597.00000237C5FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000F.00000003.1560316368.00000237C5FD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1385269768.00000237C5FCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1760996597.00000237C5FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000000F.00000003.1560316368.00000237C5FD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1385269768.00000237C5FCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1760996597.00000237C5FD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000F.00000003.1927330051.00000237BCDD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1627954462.00000237BCDD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: moz-extension://06836808-3da5-4b66-93b7-b66b1a840a96/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000F.00000003.1380517324.00000237C62EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552510643.00000237C6D56000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1615230747.00000237BE0FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000000F.00000003.1811731620.00000237BE784000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1954417809.00000237B83F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1627954462.00000237BCDE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000F.00000003.1380517324.00000237C62EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: firefox.exe, 0000000F.00000003.1615230747.00000237BE0E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1615230747.00000237BE05D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1489240878.00000237C9E85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: global traffic
DNS traffic detected:
DNS query: www.google.com
DNS query: apis.google.com
DNS query: prod.classify-client.prod.webservices.mozgcp.net
DNS query: play.google.com
DNS query: detectportal.firefox.com
DNS query: prod.detectportal.prod.cloudops.mozgcp.net
DNS query: contile.services.mozilla.com
DNS query: spocs.getpocket.com
DNS query: prod.ads.prod.webservices.mozgcp.net
DNS query: prod.balrog.prod.cloudops.mozgcp.net
DNS query: www.youtube.com
DNS query: www.facebook.com
DNS query: www.wikipedia.org
DNS query: youtube-ui.l.google.com
DNS query: star-mini.c10r.facebook.com
DNS query: dyna.wikimedia.org
DNS query: www.reddit.com
DNS query: twitter.com
DNS query: reddit.map.fastly.net
DNS query: example.org
DNS query: ipv4only.arpa
DNS query: content-signature-2.cdn.mozilla.net
DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
DNS query: firefox.settings.services.mozilla.com
DNS query: prod.remote-settings.prod.webservices.mozgcp.net
DNS query: shavar.services.mozilla.com
DNS query: shavar.prod.mozaws.net
DNS query: push.services.mozilla.com
DNS query: telemetry-incoming.r53-2.services.mozilla.com
DNS query: services.addons.mozilla.org
DNS query: normandy.cdn.mozilla.net
DNS query: normandy.tombstone.experimenter.prod.webservices.mozgcp.net
DNS query: a19.dscg10.akamai.net
DNS query: beacons.gcp.gvt2.com
DNS query: beacons.gvt2.com
DNS query: cnvr.pdfskillspro.com
DNS query: beacons2.gvt2.com
DNS query: bnz12azfapp02-canary-opaph.netmon.azure.us
Source: unknown
HTTP traffic detected:
POST /log?format=json&hasfast=true HTTP/1.1
Host: play.google.com
Connection: keep-alive
Content-Length: 907
sec-ch-ua-platform: "Windows"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
sec-ch-ua-mobile: ?0
Accept: */*
Origin: chrome-untrusted://new-tab-page
X-Client-Data: CLbgygE=
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Sec-Fetch-Storage-Access: active
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Source: firefox.exe, 0000000F.00000003.1967822790.00000237BC7B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/useNewWizard
Source: firefox.exe, 0000000F.00000003.1968042876.00000237BC7AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/weatherFeatureGate
Source: firefox.exe, 0000000F.00000003.1968042876.00000237BC7AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/weatherKeywords
Source: firefox.exe, 0000000F.00000003.1968042876.00000237BC7AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/weatherKeywordsMinimumLength
Source: firefox.exe, 0000000F.00000003.1968042876.00000237BC7AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/#/properties/weatherKeywordsMinimumLengthCap
Source: firefox.exe, 0000000F.00000003.1399028819.00000237C613A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1521641582.00000237BA324000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1610892946.00000237BF3BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1518115570.00000237BD053000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1569428257.00000237BF3C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1409587906.00000237C9CB4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1321841259.00000237BD1D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1818090468.00000237BA316000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1455616823.00000237C9F70000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1409137394.00000237C9CEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1632587739.00000237BABD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1946172852.00000237BA22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1610892946.00000237BF3AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1397755330.00000237BD0CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1408199196.00000237BD1C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1780709077.00000237C6139000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1569428257.00000237BF3A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1561098499.00000237C5BC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1932977971.00000237BCC3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000F.00000003.1321784823.00000237BD1FE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1905993650.00000237B9EC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 0000000F.00000003.1914481895.0000109BB7B03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/Z
Source: firefox.exe, 0000000F.00000003.1624404889.00000237BD3F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: firefox.exe, 0000000F.00000003.1578812449.00000237BBDDF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1543784639.00000237BBE08000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1540087262.00000237BBE24000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1578092030.00000237BBDF5000.00000004.00000020.00020000.00000000.sdmp, PDFSkillsApp.exe.3.dr, Uninstall.exe.3.drString found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 0000000F.00000003.1540087262.00000237BBE24000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1578812449.00000237BBDD7000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1827170341.00000237CA900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1578092030.00000237BBDF5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1578092030.00000237BBE13000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1531741561.00000237BBE1A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1543784639.00000237BBE13000.00000004.00000020.00020000.00000000.sdmp, PDFSkillsApp.exe.3.dr, gmpopenh264.dll.tmp.15.dr, Uninstall.exe.3.drString found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 0000000F.00000003.1578812449.00000237BBDDF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1540087262.00000237BBE24000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1827170341.00000237CA900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1578092030.00000237BBDF5000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 0000000F.00000003.1540087262.00000237BBE24000.00000004.00000020.00020000.00000000.sdmp, PDFSkillsApp.exe.3.dr, Uninstall.exe.3.drString found in binary or memory: http://ocsp.digicert.com0X
Source: firefox.exe, 0000000F.00000003.1624404889.00000237BD3F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: firefox.exe, 0000000F.00000003.1827170341.00000237CA900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 0000000F.00000003.1590694062.00000237C5BA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 0000000F.00000003.1623610963.00000237BDF3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587296987.00000237C6347000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0
Source: firefox.exe, 0000000F.00000003.1623610963.00000237BDF3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587296987.00000237C6347000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
Source: firefox.exe, 0000000F.00000003.1827170341.00000237CA900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: firefox.exe, 0000000F.00000003.1827170341.00000237CA900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: firefox.exe, 0000000F.00000003.1827170341.00000237CA900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 0000000F.00000003.1590694062.00000237C5BA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F3F0000.00000002.00000001.00040000.0000001B.sdmp, PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F94C000.00000002.00000001.00040000.0000001B.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: firefox.exe, 0000000F.00000003.1578812449.00000237BBDDF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1540087262.00000237BBE24000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1578092030.00000237BBDF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: firefox.exe, 0000000F.00000003.1974610283.00000237B3045000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersers/
Source: PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F3F0000.00000002.00000001.00040000.0000001B.sdmp, PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F94C000.00000002.00000001.00040000.0000001B.sdmpString found in binary or memory: http://www.fonts.com
Source: PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F3F0000.00000002.00000001.00040000.0000001B.sdmp, PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F831000.00000002.00000001.00040000.0000001B.sdmp, PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F94C000.00000002.00000001.00040000.0000001B.sdmp, PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F6F4000.00000002.00000001.00040000.0000001B.sdmp, PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F87D000.00000002.00000001.00040000.0000001B.sdmpString found in binary or memory: http://www.founder.com.cn/cn
Source: PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F3F0000.00000002.00000001.00040000.0000001B.sdmp, PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F94C000.00000002.00000001.00040000.0000001B.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F3F0000.00000002.00000001.00040000.0000001B.sdmp, PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F94C000.00000002.00000001.00040000.0000001B.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F89B000.00000002.00000001.00040000.0000001B.sdmp, PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F3F0000.00000002.00000001.00040000.0000001B.sdmpString found in binary or memory: http://www.goodfont.co.kr
Source: firefox.exe, 0000000F.00000003.1590694062.00000237C5BA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: firefox.exe, 0000000F.00000003.1827170341.00000237CA900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 0000000F.00000003.1625807335.00000237BD2F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: firefox.exe, 0000000F.00000003.1946172852.00000237BA22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1816597269.00000237BE31E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1613221250.00000237BE317000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1941475724.00000237BC1EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1833158855.00000237BD323000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1968042876.00000237BC7AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1366892518.00000237BE3B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 0000000F.00000003.1941475724.00000237BC1EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulh
Source: PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F3F0000.00000002.00000001.00040000.0000001B.sdmp, PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F94C000.00000002.00000001.00040000.0000001B.sdmpString found in binary or memory: http://www.sajatypeworks.com
Source: PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F3F0000.00000002.00000001.00040000.0000001B.sdmp, PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F8B4000.00000002.00000001.00040000.0000001B.sdmp, PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F6E0000.00000002.00000001.00040000.0000001B.sdmpString found in binary or memory: http://www.sandoll.co.kr
Source: PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F3F0000.00000002.00000001.00040000.0000001B.sdmp, PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F831000.00000002.00000001.00040000.0000001B.sdmp, PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F94C000.00000002.00000001.00040000.0000001B.sdmpString found in binary or memory: http://www.tiro.com
Source: PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F3F0000.00000002.00000001.00040000.0000001B.sdmp, PDFSkillsApp.exe, 0000001B.00000002.2483583759.000002646F94C000.00000002.00000001.00040000.0000001B.sdmpString found in binary or memory: http://www.typography.netD
Source: firefox.exe, 00000014.00000002.2426442528.00000249AE4FC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000003.1358776384.00000249AE4FC000.00000004.00000020.00020000.00000000.sdmp, mozilla-temp-41.15.drString found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 0000000F.00000003.1624404889.00000237BD3F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587296987.00000237C6347000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 0000000F.00000003.1624404889.00000237BD3F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1587296987.00000237C6347000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 0000000F.00000003.1681361317.00000237BE9C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 0000000F.00000003.1318096938.00000237BAB05000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1317769002.00000237BA200000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 0000000F.00000003.1630278213.00000237BF40B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 0000000F.00000003.1548542284.00000237C996E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 0000000F.00000003.1826425830.00000237BDFCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 0000000F.00000003.1384911180.00000237C66BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 0000000F.00000003.1951342109.00000237B9776000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 0000000F.00000003.1380517324.00000237C62EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 0000000F.00000003.1380517324.00000237C62EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 0000000F.00000003.1380517324.00000237C62EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 0000000F.00000003.1380517324.00000237C62EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 0000000F.00000003.1380517324.00000237C62EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 0000000F.00000003.1623610963.00000237BDF3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1833069932.00000237BDF3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
Source: firefox.exe, 0000000F.00000003.1620944058.00000237BDFD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1615230747.00000237BE0E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1615230747.00000237BE05D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 0000000F.00000003.1492264897.00000237C6B25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://allegro.pl/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 0000000F.00000003.1509321522.00000237C67BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 0000000F.00000003.1509321522.00000237C67BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 0000000F.00000003.1622787367.00000237BDFA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1760784781.00000237C6237000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 0000000F.00000003.1586309282.00000237C6B32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 0000000F.00000003.1567142834.00000237BF496000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1768099141.00000237BF4A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1625980464.00000237BD2D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1381559647.00000237BF49C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1509321522.00000237C67BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1825180034.00000237BE052000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1555811693.00000237C67F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 0000000F.00000003.1958507316.00000237B7AB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2399882435.0000020E287E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2399461227.00000249AD7E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2416551671.0000016E1B106000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.15.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696581201119.12791&key=1696581201400600
Source: firefox.exe, 0000000F.00000003.1958507316.00000237B7AB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2399882435.0000020E287E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2399461227.00000249AD7E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2416551671.0000016E1B106000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.15.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696581201119.12791&key=1696581201400600000.1&cta
Source: firefox.exe, 0000000F.00000003.1592238457.00000237BE982000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 0000000F.00000003.1478909869.00000237BE82E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1473084880.00000237BD0C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
Source: firefox.exe, 0000000F.00000003.1589516967.00000237C625F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 0000000F.00000003.1589516967.00000237C625F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 0000000F.00000003.1589516967.00000237C625F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 0000000F.00000003.1589516967.00000237C625F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: firefox.exe, 0000000F.00000003.1398603452.00000237C9FB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
Source: firefox.exe, 0000000F.00000003.1473084880.00000237BD0C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
Source: firefox.exe, 0000000F.00000003.1480966643.00000237BD0CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: Uninstall.exe, 0000001A.00000000.1608927469.00000196729E2000.00000002.00000001.01000000.00000011.sdmp, Uninstall.exe, 0000001A.00000002.1614324026.0000019600001000.00000004.00000800.00020000.00000000.sdmp, Uninstall.exe.3.drString found in binary or memory: https://cbn.skillcli.com/r
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 0000000F.00000003.1318096938.00000237BAB05000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1317769002.00000237BA200000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000000F.00000003.1508481287.00000237C6D4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1680860273.00000237C5BC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1713621256.00000237C5BC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1651264364.00000237C5BC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net
Source: firefox.exe, 0000000F.00000003.1552510643.00000237C6D4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
Source: firefox.exe, 0000000F.00000003.1492264897.00000237C6B25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1509321522.00000237C67BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1381110723.00000237C5FDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1555811693.00000237C67F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 0000000F.00000003.1951342109.00000237B9776000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000000F.00000003.1390401488.00000237C6AD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
Source: firefox.exe, 0000000F.00000003.1390401488.00000237C6AD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 0000000F.00000003.1493313668.00000237C6644000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1365234382.00000237BE794000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1811731620.00000237BE792000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1652324011.00000237BE792000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1558267680.00000237C6655000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1946023019.00000237BBF43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1831514847.00000237C6655000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 0000000F.00000003.1927330051.00000237BCDD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1627954462.00000237BCDD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
Source: firefox.exe, 0000000F.00000003.1494289265.00000237C43DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1623093249.00000237BDF83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1630278213.00000237BF40B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1561920402.00000237C43D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1591510692.00000237C43D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1833158855.00000237BD37F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1957110250.00000237B7BEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1625980464.00000237BD2D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1832229023.00000237BDF7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1623093249.00000237BDF7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 0000000F.00000003.1525290197.00000237CA1E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 0000000F.00000003.1554500738.00000237C69AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
Source: firefox.exe, 0000000F.00000003.1554500738.00000237C69AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
Source: firefox.exe, 0000000F.00000003.1573588552.00000237BE9A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: firefox.exe, 0000000F.00000003.1562645124.00000237C40EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1562645124.00000237C40DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefox
Source: firefox.exe, 0000000F.00000003.1679534535.00000237C6376000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.oGUCFCdKfd-E
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 0000000F.00000003.1554500738.00000237C69AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 0000000F.00000003.1554500738.00000237C69AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 0000000F.00000003.1554500738.00000237C69AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 0000000F.00000003.1554500738.00000237C69AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 0000000F.00000003.1951342109.00000237B9776000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 0000000F.00000003.1508125298.00000237C6D68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 0000000F.00000003.1551307645.00000237C9E0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1507984710.00000237C9E0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 0000000F.00000003.1589882046.00000237C6208000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 0000000F.00000003.1492264897.00000237C6B25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 0000000F.00000003.1492264897.00000237C6B25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 0000000F.00000003.1492264897.00000237C6B25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 0000000F.00000003.1508125298.00000237C6D68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 0000000F.00000003.1958507316.00000237B7AB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2399882435.0000020E287E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2399461227.00000249AD7E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2416551671.0000016E1B106000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.15.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_39e4b8f6fd6635158ad433436bdaa069841cfdf8e1989e03
Source: firefox.exe, 0000000F.00000003.1508481287.00000237C6D32000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552129743.00000237C6D79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1490889952.00000237C6D79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1317769002.00000237BA200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1759541950.00000237C6D79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1678809890.00000237C6D79000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 0000000F.00000003.1488421693.00000237C9ED4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
Source: firefox.exe, 0000000F.00000003.1492264897.00000237C6B25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 0000000F.00000003.1492264897.00000237C6B25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 0000000F.00000003.1492264897.00000237C6B25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 0000000F.00000003.1607516082.00000237C6934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 0000000F.00000003.1492264897.00000237C6B25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
Source: firefox.exe, 0000000F.00000003.1607516082.00000237C6934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 0000000F.00000003.1578812449.00000237BBDD7000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1827170341.00000237CA900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1578092030.00000237BBDF5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1543784639.00000237BBDF5000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 0000000F.00000003.1607516082.00000237C6934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
Source: firefox.exe, 0000000F.00000003.1492264897.00000237C6B25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
Source: firefox.exe, 0000000F.00000003.1385269768.00000237C5FCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: firefox.exe, 0000000F.00000003.1380517324.00000237C62E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
Source: firefox.exe, 0000000F.00000003.1357817665.00000237C64C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 0000000F.00000003.1318096938.00000237BAB05000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1317769002.00000237BA200000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 0000000F.00000003.1508481287.00000237C6D4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552129743.00000237C6D79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1490889952.00000237C6D79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1622521153.00000237BDFB4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1317769002.00000237BA200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1826778020.00000237BDFB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1678809890.00000237C6D79000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
Source: firefox.exe, 0000000F.00000003.1508125298.00000237C6D68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1967205420.00000237BC7BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 0000000F.00000003.1401076942.00000237C42F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hulu.com/watch/
Source: firefox.exe, 0000000F.00000003.1492264897.00000237C6B25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 0000000F.00000003.1401076942.00000237C42F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.instagram.com/
Source: firefox.exe, 0000000F.00000003.1492264897.00000237C6B25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 0000000F.00000003.1492264897.00000237C6B25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
Source: firefox.exe, 0000000F.00000003.1508125298.00000237C6D79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1552129743.00000237C6D79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1490889952.00000237C6D79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1678809890.00000237C6D79000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mobilesuica.com/
Source: firefox.exe, 0000000F.00000003.1951424442.00000237B91E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1954243552.00000237B9124000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1762523011.00000237C5F56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000000F.00000003.1554500738.00000237C69DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1586367356.00000237C6949000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 0000000F.00000003.1562645124.00000237C40EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1562645124.00000237C40DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
Source: firefox.exe, 0000000F.00000003.1525290197.00000237CA1E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.c0yfKF26qNRb
Source: firefox.exe, 0000000F.00000003.1389221682.00000237C6ABF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 0000000F.00000003.1509321522.00000237C67BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
Source: firefox.exe, 0000000F.00000003.1562645124.00000237C40EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1562645124.00000237C40DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
Source: firefox.exe, 0000000F.00000003.1525290197.00000237CA1E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.w0HgyL2ZPBj2
Source: firefox.exe, 0000000F.00000003.1927330051.00000237BCDD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1627954462.00000237BCDD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: firefox.exe, 0000000F.00000003.1622787367.00000237BDF9D000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.15.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: firefox.exe, 0000000F.00000003.1525290197.00000237CA1E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: firefox.exe, 0000000F.00000003.1927330051.00000237BCDD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1627954462.00000237BCDD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
Source: firefox.exe, 0000000F.00000003.1525290197.00000237CA1E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1942872904.00000237BBFCB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000000F.00000003.1509321522.00000237C67BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000010.00000002.2399882435.0000020E287C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2399461227.00000249AD7C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2397306545.0000016E1AEF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000019.00000002.2391158299.0000016E1ACB0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000F.00000003.1525290197.00000237CA1E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 0000000F.00000003.1630278213.00000237BF40B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
Source: firefox.exe, 0000000F.00000003.1492264897.00000237C6B25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 0000000F.00000003.1957685192.00000237B7BD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org/
Source: Uninstall.exe, 0000001A.00000000.1608927469.00000196729E2000.00000002.00000001.01000000.00000011.sdmp, Uninstall.exe.3.dr
String found in binary or memory: https://www.pdfskillsapp.com/farewell
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59644 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59639
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59638
Source: unknownNetwork traffic detected: HTTP traffic on port 59656 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59638 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59637
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59642
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59641
Source: unknownNetwork traffic detected: HTTP traffic on port 59659 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59644
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59643
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59640
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 59641 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59649 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59649
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59646
Source: unknownNetwork traffic detected: HTTP traffic on port 59651 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59645
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59648
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59647
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59653
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59652
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59655
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59654
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59651
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59650
Source: unknownNetwork traffic detected: HTTP traffic on port 59665 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 59646 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59654 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59657
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59656
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59659
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59658
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59665
Source: unknownNetwork traffic detected: HTTP traffic on port 59657 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 59643 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 20_2_00000249AD80A877 NtQuerySystemInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 20_2_00000249AD827B32 NtQuerySystemInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 20_2_00000249AD80A877
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 20_2_00000249AD827B32
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 20_2_00000249AD827B72
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 20_2_00000249AD82825C
Source: Libraries.dll.3.dr | Static PE information: No import functions for PE file found
Source: Uninstall.exe.3.dr | Static PE information: No import functions for PE file found
Source: PDFSkillsApp.exe.3.dr | Static PE information: No import functions for PE file found
Source: Uninstall.exe.3.dr, AppRemover.cs | Base64 encoded string: 'QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXGNocm9tZS5leGU=', 'QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXGNocm9tZS5leGU='
Source: classification engine | Classification label: mal48.winZIP@59/84@130/19
Source: C:\Program Files\7-Zip\7zG.exe | File created: C:\Users\user\Desktop\PDFSkills
Source: C:\Windows\System32\mspaint.exe | Mutant created: NULL
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Temp\firefox
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Windows\System32\rundll32.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: firefox.exe, 0000000F.00000003.1573834354.00000237BE988000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1547738561.00000237C9E16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1620385013.00000237BDFED000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 0000000F.00000003.1547738561.00000237C9E16000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 0000000F.00000003.1547738561.00000237C9E16000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 0000000F.00000003.1547738561.00000237C9E16000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 0000000F.00000003.1622270450.00000237BDFC8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;
Source: firefox.exe, 0000000F.00000003.1547738561.00000237C9E16000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 0000000F.00000003.1547738561.00000237C9E16000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 0000000F.00000003.1547738561.00000237C9E16000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;9'
Source: firefox.exe, 0000000F.00000003.1547738561.00000237C9E16000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 0000000F.00000003.1547738561.00000237C9E16000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
Source: unknown | Process created: C:\Program Files\7-Zip\7zG.exe "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\PDFSkills\" -spe -an -ai#7zMap31509:74:7zEvent32624
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1928,i,15551878453831384445,17413725009215287088,262144 --variations-seed-version --mojo-platform-channel-handle=2104 /prefetch:3
Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2240 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f144ade-7c74-4615-a20b-ce073e61fc42} 7236 "\\.\pipe\gecko-crash-server-pipe.7236" 237ac36d110 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3916 -parentBuildID 20230927232528 -prefsHandle 3352 -prefMapHandle 3984 -prefsLen 25481 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d71a661c-9e12-4709-829a-434f9a04f141} 7236 "\\.\pipe\gecko-crash-server-pipe.7236" 237be2de110 rdd
Source: unknown | Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5316 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5308 -prefMapHandle 5228 -prefsLen 33093 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6a6cdf3-7708-459f-b471-0e5883bc1412} 7236 "\\.\pipe\gecko-crash-server-pipe.7236" 237ca008b10 utility
Source: C:\Windows\System32\cmd.exe | Process created: C:\Users\user\Desktop\PDFSkills\Uninstall.exe Uninstall.exe
Source: C:\Windows\System32\cmd.exe | Process created: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exe PDFSkillsApp.exe
Source: unknown | Process created: C:\Windows\System32\mspaint.exe "C:\Windows\system32\mspaint.exe" "C:\Users\user\Desktop\PDFSkills\PDFSkills.Belongings.favicon.ico"
Source: C:\Program Files\7-Zip\7zG.exe | Section loaded: kernel.appcore.dll, uxtheme.dll, cryptbase.dll, explorerframe.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll
Source: C:\Windows\System32\cmd.exe | Section loaded: winbrand.dll, wldp.dll, ntvdm64.dll, version.dll, textshaping.dll, uxtheme.dll, kernel.appcore.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, apphelp.dll, cmdext.dll
Source: C:\Users\user\Desktop\PDFSkills\Uninstall.exe | Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exe | Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, msvcp140_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windowscodecs.dll, dwmapi.dll, d3d9.dll, d3d10warp.dll, wtsapi32.dll, winsta.dll, powrprof.dll, umpdc.dll, textshaping.dll, dataexchange.dll, d3d11.dll, dcomp.dll, dxgi.dll, twinapi.appcore.dll, resourcepolicyclient.dll, dxcore.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, msctfui.dll, uiautomationcore.dll, propsys.dll, d3dcompiler_47.dll, sxs.dll, dui70.dll, duser.dll, edputil.dll, explorerframe.dll, thumbcache.dll, msftedit.dll, windows.globalization.dll, bcp47langs.dll, bcp47mrm.dll, globinputhost.dll, assignedaccessruntime.dll, xmllite.dll, windows.fileexplorer.common.dll, linkinfo.dll, structuredquery.dll, atlthunk.dll, windows.storage.search.dll, windows.staterepositoryps.dll, iconcodecservice.dll, policymanager.dll, msvcp110_win.dll, twinapi.dll, ntshrui.dll, sspicli.dll, cscapi.dll, winmm.dll, actxprxy.dll, apphelp.dll, ehstorshell.dll, cscui.dll, networkexplorer.dll, cldapi.dll, fltlib.dll
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeSection loaded: zipfldr.dllJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeSection loaded: samcli.dllJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeSection loaded: samlib.dllJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeSection loaded: rasman.dllJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\mspaint.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: acgenral.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: userenv.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: mpr.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: mfc42u.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: propsys.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: winmm.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: ninput.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: msftedit.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: uiribbon.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: wldp.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: efswrt.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: sti.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: wiatrace.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: atlthunk.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: dwmapi.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: windowscodecs.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: textshaping.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: oleacc.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: photometadatahandler.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: textinputframework.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\mspaint.exeSection loaded: ntmarta.dll
Source: C:\Program Files\7-Zip\7zG.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeFile opened: C:\Windows\SYSTEM32\MsftEdit.dllJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeWindow detected: Number of UI elements: 13
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: PDFSkills.zipStatic file information: File size 1122600 > 1048576
Source: Uninstall.exe.3.drStatic PE information: 0xCB8A70DD [Fri Mar 18 16:48:29 2078 UTC]
Source: Update.dll.3.drStatic PE information: section name: .nep
Source: vcomp140.dll.3.drStatic PE information: section name: _RDATA
Source: vcruntime140.dll.3.drStatic PE information: section name: fothk
Source: vcruntime140.dll.3.drStatic PE information: section name: _RDATA
Source: gmpopenh264.dll.tmp.15.drStatic PE information: section name: .rodata
Source: C:\Users\user\Desktop\PDFSkills\Uninstall.exeCode function: 26_2_00007FFF71D90EBB push FFFFFFDFh; iretd 26_2_00007FFF71D90EBD
Source: C:\Users\user\Desktop\PDFSkills\Uninstall.exeCode function: 26_2_00007FFF71D9046A push FFFFFFDFh; iretd 26_2_00007FFF71D9046D
Source: C:\Users\user\Desktop\PDFSkills\Uninstall.exeCode function: 26_2_00007FFF71D90E2A push FFFFFFDFh; iretd 26_2_00007FFF71D90E2D
Source: C:\Users\user\Desktop\PDFSkills\Uninstall.exeCode function: 26_2_00007FFF71D90E3B push FFFFFFDFh; iretd 26_2_00007FFF71D90E3D
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeCode function: 27_2_00007FFF71DA61FA pushad ; ret 27_2_00007FFF71DA61FB
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeCode function: 27_2_00007FFF71DA19C2 push FFFFFFA8h; retf 27_2_00007FFF71DA1A0B
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeCode function: 27_2_00007FFF71DA01BA push E95E4D4Ch; ret 27_2_00007FFF71DA01C9
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeCode function: 27_2_00007FFF71DA7067 pushad ; ret 27_2_00007FFF71DA707B
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeCode function: 27_2_00007FFF71DA0B43 push FFFFFFDFh; iretd 27_2_00007FFF71DA0B45
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeCode function: 27_2_00007FFF71DA1A39 push FFFFFFA8h; retf 27_2_00007FFF71DA1A3B
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeCode function: 27_2_00007FFF71DA0CA2 push FFFFFFDFh; iretd 27_2_00007FFF71DA0CA5
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeCode function: 27_2_00007FFF71DA0CB3 push FFFFFFDFh; iretd 27_2_00007FFF71DA0CB5
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeCode function: 27_2_00007FFF71DA0C72 push FFFFFFDFh; iretd 27_2_00007FFF71DA0C75
Source: C:\Program Files\7-Zip\7zG.exeFile created: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeFile created: C:\Users\user\Desktop\PDFSkills\msvcp140_2.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeFile created: C:\Users\user\Desktop\PDFSkills\vccorlib140.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeFile created: C:\Users\user\Desktop\PDFSkills\vcruntime140_threads.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeFile created: C:\Users\user\Desktop\PDFSkills\vcamp140.dllJump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)Jump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeFile created: C:\Users\user\Desktop\PDFSkills\Update.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeFile created: C:\Users\user\Desktop\PDFSkills\msvcp140_atomic_wait.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeFile created: C:\Users\user\Desktop\PDFSkills\vcruntime140_1.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeFile created: C:\Users\user\Desktop\PDFSkills\vcomp140.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeFile created: C:\Users\user\Desktop\PDFSkills\Libraries.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeFile created: C:\Users\user\Desktop\PDFSkills\msvcp140_1.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeFile created: C:\Users\user\Desktop\PDFSkills\msvcp140_codecvt_ids.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeFile created: C:\Users\user\Desktop\PDFSkills\msvcp140.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeFile created: C:\Users\user\Desktop\PDFSkills\concrt140.dllJump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeFile created: C:\Users\user\Desktop\PDFSkills\vcruntime140.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeFile created: C:\Users\user\Desktop\PDFSkills\Uninstall.exeJump to dropped file
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\Uninstall.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mspaint.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mspaint.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFSkills\Uninstall.exeMemory allocated: 19672C10000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\Uninstall.exeMemory allocated: 196749C0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeMemory allocated: 26451340000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeMemory allocated: 2646AE00000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 20_2_00000249AD80A877 rdtsc 20_2_00000249AD80A877
Source: C:\Users\user\Desktop\PDFSkills\Uninstall.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Program Files\7-Zip\7zG.exeDropped PE file which has not been started: C:\Users\user\Desktop\PDFSkills\msvcp140_2.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeDropped PE file which has not been started: C:\Users\user\Desktop\PDFSkills\vccorlib140.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeDropped PE file which has not been started: C:\Users\user\Desktop\PDFSkills\vcruntime140_threads.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeDropped PE file which has not been started: C:\Users\user\Desktop\PDFSkills\vcamp140.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeDropped PE file which has not been started: C:\Users\user\Desktop\PDFSkills\Update.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeDropped PE file which has not been started: C:\Users\user\Desktop\PDFSkills\msvcp140_atomic_wait.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeDropped PE file which has not been started: C:\Users\user\Desktop\PDFSkills\vcruntime140_1.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeDropped PE file which has not been started: C:\Users\user\Desktop\PDFSkills\vcomp140.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeDropped PE file which has not been started: C:\Users\user\Desktop\PDFSkills\Libraries.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeDropped PE file which has not been started: C:\Users\user\Desktop\PDFSkills\msvcp140_1.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeDropped PE file which has not been started: C:\Users\user\Desktop\PDFSkills\msvcp140_codecvt_ids.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeDropped PE file which has not been started: C:\Users\user\Desktop\PDFSkills\msvcp140.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeDropped PE file which has not been started: C:\Users\user\Desktop\PDFSkills\concrt140.dllJump to dropped file
Source: C:\Program Files\7-Zip\7zG.exeDropped PE file which has not been started: C:\Users\user\Desktop\PDFSkills\vcruntime140.dllJump to dropped file
Source: C:\Users\user\Desktop\PDFSkills\Uninstall.exe TID: 8052Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\Uninstall.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\userJump to behavior
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: C:\Windows\System32\conhost.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: Amcache.hve.23.drBinary or memory string: VMware
Source: firefox.exe, 00000014.00000002.2419701944.00000249ADD30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllW
Source: Amcache.hve.23.drBinary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.23.drBinary or memory string: vmci.syshbin
Source: Amcache.hve.23.drBinary or memory string: VMware, Inc.
Source: firefox.exe, 00000014.00000002.2378231283.00000249AD40A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
Source: Amcache.hve.23.drBinary or memory string: VMware20,1hbin@
Source: Amcache.hve.23.drBinary or memory string: VMware-42 27 c8 0c e4 52 1d cc-a0 8f d3 a4 82 3e 8f 04
Source: Amcache.hve.23.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.23.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.23.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: firefox.exe, 0000000F.00000003.1662825910.00000237ADF35000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2418728226.0000020E28C40000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2378624022.0000020E2836E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2419701944.00000249ADD30000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2379981729.0000016E1ABAA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2414852632.0000016E1AFF0000.00000004.00000020.00020000.00000000.sdmp, PDFSkillsApp.exe, 0000001B.00000002.2475165542.000002646F213000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Amcache.hve.23.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: firefox.exe, 0000000F.00000003.1957685192.00000237B7BC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2416671881.0000020E28812000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 00000010.00000002.2418728226.0000020E28C4B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^
Source: Amcache.hve.23.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.23.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
Source: PDFSkillsApp.exe, 0000001B.00000002.2472472211.000002646F127000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%SystemRoot%\System32\mswsock.dll,-60102-9%SystemRoot%\system32\mswsock.dlla33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft?
Source: Amcache.hve.23.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: firefox.exe, 0000000F.00000003.1662825910.00000237ADF5B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2418728226.0000020E28C40000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2418728226.0000020E28C4B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2419701944.00000249ADD30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: mspaint.exe, 0000001E.00000002.2420733503.00000244749C3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\u
Source: PDFSkillsApp.exe, 0000001B.00000002.2481892671.000002646F391000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_
Source: Amcache.hve.23.drBinary or memory string: vmci.sys
Source: Amcache.hve.23.drBinary or memory string: vmci.syshbin`
Source: Amcache.hve.23.drBinary or memory string: \driver\vmci,\driver\pci
Source: firefox.exe, 0000000F.00000003.1662825910.00000237ADF5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<
Source: PDFSkillsApp.exe, 0000001B.00000002.2476623627.000002646F25C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}d
Source: Amcache.hve.23.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.23.drBinary or memory string: VMware20,1
Source: Amcache.hve.23.drBinary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.23.drBinary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.23.drBinary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.23.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.23.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.23.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.23.drBinary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.23.drBinary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.23.drBinary or memory string: VMware Virtual RAM
Source: Amcache.hve.23.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.23.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Windows\System32\mspaint.exeProcess information queried: ProcessInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 20_2_00000249AD80A877 rdtsc 20_2_00000249AD80A877
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\Uninstall.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\PDFSkills\Uninstall.exe Uninstall.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exe PDFSkillsApp.exeJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\Uninstall.exeQueries volume information: C:\Users\user\Desktop\PDFSkills\Uninstall.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeQueries volume information: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: Amcache.hve.23.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.23.drBinary or memory string: msmpeng.exe
Source: Amcache.hve.23.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.23.drBinary or memory string: MsMpEng.exe
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLOJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeDirectory queried: C:\Users\user\Documents\KZWFNRXYKIJump to behavior
Source: C:\Users\user\Desktop\PDFSkills\PDFSkillsApp.exeDirectory queried: C:\Users\user\Documents\WUTJSCBCFXJump to behavior
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Data from Local System | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 32 Virtualization/Sandbox Evasion | Security Account Manager | 32 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 12 File and Directory Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Obfuscated Files or Information | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Rundll32 | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Extra Window Memory Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
[Behavior graph. Behavior Graph ID: 1640975, Sample: PDFSkills.zip, Startdate: 17/03/2025, Architecture: WINDOWS, Score: 48]

This section contains all screenshots as thumbnails, including those not shown in the slideshow.