Windows Analysis Report
FireDaemon-Pro-x64-5.4.10.exe

Overview

General Information

Sample name: FireDaemon-Pro-x64-5.4.10.exe
Analysis ID: 1447776
MD5: 85bcf18c247619f157bb66c59283bc54
SHA1: 9ffc8d1af864b73a50f9b95475cb7b53a96ef5e7
SHA256: 9105a2bfb52b971df10df6b89f26676cdec5c6d43878c7a1e66a77a286b607dd

Detection

Score: 36
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Compliance

Score: 21
Range: 0 - 100

Signatures

Creates files in alternative data streams (ADS)
Disables event log channels
Drops executables to the windows directory (C:\Windows) and starts them
Found direct / indirect Syscall (likely to bypass EDR)
Hides threads from debuggers
PE file has nameless sections
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade debugger and weak emulator (self modifying code)
Adds / modifies Windows certificates
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
EXE planting / hijacking vulnerabilities found
Enables security privileges
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe EXE: C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617\FireDaemonUI.exe
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe EXE: C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617\FireDaemon.exe
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe EXE: C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617\FireDaemonCLI.exe

Compliance

Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49718 version: TLS 1.0
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Common Files\FireDaemon Pro
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Common Files\FireDaemon Pro\ServiceDefinitions
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\FireDaemon.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Core.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\VisualLayer.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\add-service-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\add-service.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\additional-menu-horizontal-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\additional-menu-horizontal.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\branding.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\delete-quick-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\delete-quick.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\delete-service-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\delete-service.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\done-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\done.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\edit-quick-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\edit-quick.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\erase-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\erase.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\hamburger-menu-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\hamburger-menu.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\logo.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\managed-services-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\managed-services-selected.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\managed-services.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\open-log-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\open-log.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\pause-grey-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\pause-grey.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\pause-quick-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\pause-quick.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\refresh-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\refresh.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\restart-all-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\restart-all.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\restart-blue-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\restart-blue.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\restart-quick-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\restart-quick.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\resume-grey-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\resume-grey.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\resume-quick-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\resume-quick.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\save-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\save-log-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\save-log.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\save.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\scheduling-quick-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\scheduling-quick.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\show-log-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\show-log.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\simple-arrow-down-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\simple-arrow-down.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\simple-arrow-left-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\simple-arrow-left.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\simple-arrow-up-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\simple-arrow-up.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\splash-screen.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\start-all-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\start-all.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\start-green-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\start-green.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\start-quick-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\start-quick.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\stop-all-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\stop-all.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\stop-quick-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\stop-quick.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\stop-red-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\stop-red.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\support-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\support.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\switch-session0-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\switch-session0.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\sysinfo-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\sysinfo-selected.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\sysinfo.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\winservices-hover.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\winservices-selected.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\winservices.emf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\skin.xml
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\license.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\version.txt
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Core-0ccfb35b.dll
Source: C:\Windows\SysWOW64\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\regid.2000-01.com.firedaemon_29758F0E-2FC0-46EF-A3D7-0CECCDC6FB35.swidtag
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Directory created: C:\Program Files\FireDaemon Pro\Core-0ccfb35b.dll:{4498064F-515A180A-A7D546EE-2EB1D8EE}
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Directory created: C:\Program Files\FireDaemon Pro\Core-0ccfb35b.dll:{4498064F-515A180A-A7D546EE-2EB1D8EE}
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FireDaemon Pro 5.4.10
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617\license.txt
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\FireDaemon Pro\license.txt
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.26.10.34:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49793 version: TLS 1.2
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\projects\firedaemon\product-suite\FDPro\build-target\x64\Release\FireDaemonCLI.pdb source: FireDaemonCLI.exe, 0000000F.00000000.2314751372.00007FF7ED2A8000.00000002.00000001.01000000.0000000C.sdmp, FireDaemonCLI.exe, 0000000F.00000002.2376444407.00007FF7ED2A8000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: wininet.pdb source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2038575791.0000000009C56000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2210182830.000000000777A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\tempFiles.pdb- source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\XmlCfg.pdb source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\ExternalUICleaner.pdb source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp, ExternalUICleaner.dll.0.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\ExternalUICleaner.pdb7 source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp, ExternalUICleaner.dll.0.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdb source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp, MSI4A8B.tmp, 00000009.00000000.2297198192.00007FF7B9AF2000.00000002.00000001.01000000.0000000B.sdmp, MSI4A8B.tmp, 00000009.00000002.2311397548.00007FF7B9AF2000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\projects\firedaemon\product-suite\FDPro\build-target\x64\Release\VisualLayer.pdb::8GCTL source: FireDaemonUI.exe, 00000013.00000002.3278082816.00007FF8B8CCD000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdbA source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp, MSI4A8B.tmp, 00000009.00000000.2297198192.00007FF7B9AF2000.00000002.00000001.01000000.0000000B.sdmp, MSI4A8B.tmp, 00000009.00000002.2311397548.00007FF7B9AF2000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\projects\firedaemon\product-suite\FDPro\build-target\x64\Release\wicustomactions.pdb source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\firedaemon\product-suite\FDPro\build-target\x64\Release\Core.pdb source: FireDaemonCLI.exe, 0000000F.00000002.2377347366.00007FF8A7AFB000.00000002.00000001.01000000.0000000D.sdmp, FireDaemonUI.exe, 00000012.00000002.2450039135.00007FF8A7AFB000.00000002.00000001.01000000.0000000D.sdmp, FireDaemonUI.exe, 00000013.00000002.3277133863.00007FF8A7AFB000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: wininet.pdbUGP source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2038575791.0000000009C56000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2210182830.000000000777A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\firedaemon\product-suite\FDPro\build-target\x64\Release\VisualLayer.pdb source: FireDaemonUI.exe, 00000013.00000002.3278082816.00007FF8B8CCD000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\XmlCfg.pdbg source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\lzmaextractor.pdb source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\firedaemon\product-suite\FDPro\build-target\x64\Release\FireDaemonUI.pdb source: FireDaemonUI.exe, 00000012.00000000.2437318973.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000012.00000002.2445808824.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000013.00000000.2441671152.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000013.00000002.3274630585.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe.0.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: FireDaemon-Pro-x64-5.4.10.exe
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\tempFiles.pdb source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\firedaemon\product-suite\FDPro\build-target\x64\Release\wicustomactions.pdbmm`GCTL source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: z:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: x:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: v:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: t:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: r:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: p:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: n:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: l:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: j:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: h:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: f:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: b:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: y:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: w:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: u:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: s:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: q:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: o:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: m:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: k:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: i:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: g:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: e:
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File opened: c:
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File opened: a:
Source: global traffic TCP traffic: 192.168.2.5:60778 -> 1.1.1.1:53
Source: Joe Sandbox View IP Address: 99.86.4.90
Source: Joe Sandbox View IP Address: 34.49.229.81
Source: Joe Sandbox View IP Address: 239.255.255.250
Source: Joe Sandbox View JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown TCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fDoofKTR9ZkapHv&MD=aO1Z537k HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /firedaemon-pro-version.txt HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: FireDaemon Pro/5.4.10 Host: update.firedaemon.com
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /download-firedaemon-pro HTTP/1.1 Host: www.firedaemon.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/originTrials.41d7301a.bundle.min.js HTTP/1.1 Host: static.parastorage.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: */* Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.firedaemon.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/third-party/fonts/user-site-fonts/fonts/open-source/opensans-bold-webfont.woff HTTP/1.1 Host: static.parastorage.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.firedaemon.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: */* Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://www.firedaemon.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_api/v2/dynamicmodel HTTP/1.1 Host: www.firedaemon.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: */* Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.firedaemon.com/download-firedaemon-pro Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: ssr-caching=cache#desc=hit#varnish=hit_miss#dc#desc=fastly_42_g
Source: global traffic HTTP traffic detected: GET /pages/pages/thunderbolt?appDefinitionIdToSiteRevision=%7B%2214271d6f-ba62-d045-549b-ab972ae1f70e%22%3A%2225%22%2C%2214bcded7-0066-7c35-14d7-466cb3f09103%22%3A%221216%22%2C%221522827f-c56c-a5c9-2ac9-00f9e6ae12d3%22%3A%221806%22%7D&beckyExperiments=specs.thunderbolt.compCssMappers_catharsis%3Atrue%2Cspecs.thunderbolt.supportSpxInEEMappers%3Atrue%2Cspecs.thunderbolt.one_cell_grid_display_flex%3Atrue%2Cspecs.thunderbolt.MediaContainerAndPageBackgroundMapper%3Atrue%2Cspecs.thunderbolt.minWidthFromLayout%3Atrue%2Cspecs.thunderbolt.root_components_carmi%3Atrue%2Cspecs.thunderbolt.edixIsInFirstFold%3Atrue%2Cspecs.thunderbolt.proGalleryMasterInfo%3Atrue%2Cspecs.thunderbolt.app_reflow_with_lightboxes%3Atrue%2Cspecs.thunderbolt.DatePickerPortal%3Atrue%2Cspecs.thunderbolt.wixSitesFontDisplaySwap%3Atrue%2Cspecs.thunderbolt.facebookVideoPlayerDimensions%3Atrue%2Cspecs.thunderbolt.useElementoryRelativePath%3Atrue%2Cspecs.thunderbolt.fixVectorImageShouldScaleStroke%3Atrue%2Cspecs.thunderbolt.render_all_tabs%3Atrue%2Cspecs.thunderbolt.opacityTransition%3Atrue%2Cspecs.thunderbolt.mesh_css_catharsis%3Atrue%2Cspecs.thunderbolt.DDMenuMigrateCssCarmiMapper%3Atrue%2Cspecs.thunderbolt.FontDisplaySwap%3Atrue%2Cspecs.thunderbolt.UseWixDataItemService%3Atrue%2Cspecs.thunderbolt.fiveGridLineStudioSkins%3Atrue%2Cspecs.thunderbolt.TPA3DGalleryEEUrl%3Atrue%2Cspecs.thunderbolt.allowWEBPTransformation%3Atrue%2Cspecs.thunderbolt.carouselGalleryImageFitting%3Atrue%2Cspecs.thunderbolt.useNewImageParallax%3Atrue%2Cspecs.thunderbolt.accordionHeightAuto%3Atrue%2Cspecs.thunderbolt.fixResponsiveBoxContainerLayoutClass%3Atrue%2Cspecs.thunderbolt.fetch_widget_iteratively%3Atrue%2Cspecs.thunderbolt.TextInputAutoFillFix%3Atrue&contentType=application%2Fjson&cssPerBreakpointWidgetIds=a63a5215-8aa6-42af-96b1-583bfd74cff5%2C13afb094-84f9-739f-44fd-78d036adb028%2C139a41fd-0b1d-975f-6f67-e8cbdf8ccc82%2C1380bba0-253e-a800-a235-88821cf3f8a4%2Cbda15dc1-816d-4ff3-8dcb-
1172d5343cce%2C44c66af6-4d25-485a-ad9d-385f5460deef%2C80a3bd56-82b4-4193-8bb4-b7cb0f3f1830%2C15293875-09d7-6913-a093-084a9b6ae7f4%2C14cefc05-d163-dbb7-e4ec-cd4f2c4d6ddd%2C14dd1af6-3e02-63db-0ef2-72fbc7cc3136%2C14dbefb9-3b7b-c4e9-53e8-766defd30587&deviceType=Desktop&dfCk=6&dfVersion=1.3436.0&disableStaticPagesUrlHierarchy=false&editorName=Unknown&experiments=bv_remove_add_chat_viewer_fixer%2Cdm_migrateResponsiveSectionStyleItemToDesign%2Cdm_onlyRerunWhenFixerRequiresReruns%2Cdm_screenInBehaviorsToEntranceEffectsFixer%2Cdm_stopMasterpageFixerLoop&externalBaseUrl=https%3A%2F%2Fwww.firedaemon.com&fileId=a7152c52.bundle.min&formFactor=desktop&hasTPAWorkerOnSite=false&isHttps=true&isInSeo=false&isMultilingualEnabled=true&isPremiumDomain=true&isTrackClicksAnalyticsEnabled=false&isUrlMigrated=true&isWixCodeOnPage=false&isWixCodeOnSite=false&language=en&languageResolutionMethod=QueryParam&metaSiteId=49d14df4-afe2-4e62-83bc-650176825a35&migratingToOoiWidgetIds=14fd5970-8072-c276-1246-058b79e70c1a&module=thunderbolt-features&originalLanguage
Source: global traffic HTTP traffic detected: GET /media/9fb53e_c1dbd252bf624832bdc6aefec454cbd1~mv2.png/v1/crop/x_0,y_15,w_1059,h_221/fill/w_297,h_62,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/FireDaemon%20Logo.png HTTP/1.1Host: static.wixstatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/third-party/fonts/user-site-fonts/fonts/open-source/opensans-regular-webfont.woff HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pages/pages/thunderbolt?appDefinitionIdToSiteRevision=%7B%2214271d6f-ba62-d045-549b-ab972ae1f70e%22%3A%2225%22%2C%2214bcded7-0066-7c35-14d7-466cb3f09103%22%3A%221216%22%2C%221522827f-c56c-a5c9-2ac9-00f9e6ae12d3%22%3A%221806%22%7D&beckyExperiments=specs.thunderbolt.compCssMappers_catharsis%3Atrue%2Cspecs.thunderbolt.supportSpxInEEMappers%3Atrue%2Cspecs.thunderbolt.one_cell_grid_display_flex%3Atrue%2Cspecs.thunderbolt.MediaContainerAndPageBackgroundMapper%3Atrue%2Cspecs.thunderbolt.minWidthFromLayout%3Atrue%2Cspecs.thunderbolt.root_components_carmi%3Atrue%2Cspecs.thunderbolt.edixIsInFirstFold%3Atrue%2Cspecs.thunderbolt.proGalleryMasterInfo%3Atrue%2Cspecs.thunderbolt.app_reflow_with_lightboxes%3Atrue%2Cspecs.thunderbolt.DatePickerPortal%3Atrue%2Cspecs.thunderbolt.wixSitesFontDisplaySwap%3Atrue%2Cspecs.thunderbolt.facebookVideoPlayerDimensions%3Atrue%2Cspecs.thunderbolt.useElementoryRelativePath%3Atrue%2Cspecs.thunderbolt.fixVectorImageShouldScaleStroke%3Atrue%2Cspecs.thunderbolt.render_all_tabs%3Atrue%2Cspecs.thunderbolt.opacityTransition%3Atrue%2Cspecs.thunderbolt.mesh_css_catharsis%3Atrue%2Cspecs.thunderbolt.DDMenuMigrateCssCarmiMapper%3Atrue%2Cspecs.thunderbolt.FontDisplaySwap%3Atrue%2Cspecs.thunderbolt.UseWixDataItemService%3Atrue%2Cspecs.thunderbolt.fiveGridLineStudioSkins%3Atrue%2Cspecs.thunderbolt.TPA3DGalleryEEUrl%3Atrue%2Cspecs.thunderbolt.allowWEBPTransformation%3Atrue%2Cspecs.thunderbolt.carouselGalleryImageFitting%3Atrue%2Cspecs.thunderbolt.useNewImageParallax%3Atrue%2Cspecs.thunderbolt.accordionHeightAuto%3Atrue%2Cspecs.thunderbolt.fixResponsiveBoxContainerLayoutClass%3Atrue%2Cspecs.thunderbolt.fetch_widget_iteratively%3Atrue%2Cspecs.thunderbolt.TextInputAutoFillFix%3Atrue&contentType=application%2Fjson&cssPerBreakpointWidgetIds=a63a5215-8aa6-42af-96b1-583bfd74cff5%2C13afb094-84f9-739f-44fd-78d036adb028%2C139a41fd-0b1d-975f-6f67-e8cbdf8ccc82%2C1380bba0-253e-a800-a235-88821cf3f8a4%2Cbda15dc1-816d-4ff3-8dcb-
1172d5343cce%2C44c66af6-4d25-485a-ad9d-385f5460deef%2C80a3bd56-82b4-4193-8bb4-b7cb0f3f1830%2C15293875-09d7-6913-a093-084a9b6ae7f4%2C14cefc05-d163-dbb7-e4ec-cd4f2c4d6ddd%2C14dd1af6-3e02-63db-0ef2-72fbc7cc3136%2C14dbefb9-3b7b-c4e9-53e8-766defd30587&dfCk=6&dfVersion=1.3436.0&editorName=Unknown&experiments=bv_remove_add_chat_viewer_fixer%2Cdm_migrateResponsiveSectionStyleItemToDesign%2Cdm_onlyRerunWhenFixerRequiresReruns%2Cdm_screenInBehaviorsToEntranceEffectsFixer%2Cdm_stopMasterpageFixerLoop&externalBaseUrl=https%3A%2F%2Fwww.firedaemon.com&fileId=d7b8999f.bundle.min&formFactor=desktop&hasTPAWorkerOnSite=false&isHttps=true&isInSeo=false&isPremiumDomain=true&isUrlMigrated=true&isWixCodeOnPage=false&isWixCodeOnSite=false&language=en&metaSiteId=49d14df4-afe2-4e62-83bc-650176825a35&migratingToOoiWidgetIds=14fd5970-8072-c276-1246-058b79e70c1a&module=thunderbolt-platform&originalLanguage=en&pageId=9fb53e_220120ee4a2a712ea04fc0d44462ca3b_5065.json&quickActionsMenuEnabled=false&registryLibrariesTopology=%5B%7B%22artifactId%22%3A%22editor-ele
Source: global traffic HTTP traffic detected: GET /pages/pages/thunderbolt?appDefinitionIdToSiteRevision=%7B%2214271d6f-ba62-d045-549b-ab972ae1f70e%22%3A%2225%22%2C%2214bcded7-0066-7c35-14d7-466cb3f09103%22%3A%221216%22%2C%221522827f-c56c-a5c9-2ac9-00f9e6ae12d3%22%3A%221806%22%7D&beckyExperiments=specs.thunderbolt.compCssMappers_catharsis%3Atrue%2Cspecs.thunderbolt.supportSpxInEEMappers%3Atrue%2Cspecs.thunderbolt.one_cell_grid_display_flex%3Atrue%2Cspecs.thunderbolt.MediaContainerAndPageBackgroundMapper%3Atrue%2Cspecs.thunderbolt.minWidthFromLayout%3Atrue%2Cspecs.thunderbolt.root_components_carmi%3Atrue%2Cspecs.thunderbolt.edixIsInFirstFold%3Atrue%2Cspecs.thunderbolt.proGalleryMasterInfo%3Atrue%2Cspecs.thunderbolt.app_reflow_with_lightboxes%3Atrue%2Cspecs.thunderbolt.DatePickerPortal%3Atrue%2Cspecs.thunderbolt.wixSitesFontDisplaySwap%3Atrue%2Cspecs.thunderbolt.facebookVideoPlayerDimensions%3Atrue%2Cspecs.thunderbolt.useElementoryRelativePath%3Atrue%2Cspecs.thunderbolt.fixVectorImageShouldScaleStroke%3Atrue%2Cspecs.thunderbolt.render_all_tabs%3Atrue%2Cspecs.thunderbolt.opacityTransition%3Atrue%2Cspecs.thunderbolt.mesh_css_catharsis%3Atrue%2Cspecs.thunderbolt.DDMenuMigrateCssCarmiMapper%3Atrue%2Cspecs.thunderbolt.FontDisplaySwap%3Atrue%2Cspecs.thunderbolt.UseWixDataItemService%3Atrue%2Cspecs.thunderbolt.fiveGridLineStudioSkins%3Atrue%2Cspecs.thunderbolt.TPA3DGalleryEEUrl%3Atrue%2Cspecs.thunderbolt.allowWEBPTransformation%3Atrue%2Cspecs.thunderbolt.carouselGalleryImageFitting%3Atrue%2Cspecs.thunderbolt.useNewImageParallax%3Atrue%2Cspecs.thunderbolt.accordionHeightAuto%3Atrue%2Cspecs.thunderbolt.fixResponsiveBoxContainerLayoutClass%3Atrue%2Cspecs.thunderbolt.fetch_widget_iteratively%3Atrue%2Cspecs.thunderbolt.TextInputAutoFillFix%3Atrue&contentType=application%2Fjson&cssPerBreakpointWidgetIds=a63a5215-8aa6-42af-96b1-583bfd74cff5%2C13afb094-84f9-739f-44fd-78d036adb028%2C139a41fd-0b1d-975f-6f67-e8cbdf8ccc82%2C1380bba0-253e-a800-a235-88821cf3f8a4%2Cbda15dc1-816d-4ff3-8dcb-
1172d5343cce%2C44c66af6-4d25-485a-ad9d-385f5460deef%2C80a3bd56-82b4-4193-8bb4-b7cb0f3f1830%2C15293875-09d7-6913-a093-084a9b6ae7f4%2C14cefc05-d163-dbb7-e4ec-cd4f2c4d6ddd%2C14dd1af6-3e02-63db-0ef2-72fbc7cc3136%2C14dbefb9-3b7b-c4e9-53e8-766defd30587&dfCk=6&dfVersion=1.3436.0&editorName=Unknown&experiments=bv_remove_add_chat_viewer_fixer%2Cdm_migrateResponsiveSectionStyleItemToDesign%2Cdm_onlyRerunWhenFixerRequiresReruns%2Cdm_screenInBehaviorsToEntranceEffectsFixer%2Cdm_stopMasterpageFixerLoop&externalBaseUrl=https%3A%2F%2Fwww.firedaemon.com&fileId=d7b8999f.bundle.min&formFactor=desktop&hasTPAWorkerOnSite=false&isHttps=true&isInSeo=false&isPremiumDomain=true&isUrlMigrated=true&isWixCodeOnPage=false&isWixCodeOnSite=false&language=en&metaSiteId=49d14df4-afe2-4e62-83bc-650176825a35&migratingToOoiWidgetIds=14fd5970-8072-c276-1246-058b79e70c1a&module=thunderbolt-platform&originalLanguage=en&pageId=9fb53e_c4cc778c5c415d1b382d3213b70d3726_5065.json&quickActionsMenuEnabled=false&registryLibrariesTopology=%5B%7B%22artifactId%22%3A%22editor-ele
Source: global traffic HTTP traffic detected: GET /media/dc9a59_9354b886e1e4435e939e6ec92ac3c300~mv2.png/v1/fill/w_227,h_48,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/dc9a59_9354b886e1e4435e939e6ec92ac3c300~mv2.png HTTP/1.1Host: static.wixstatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /media/9fb53e_d6b5d9866444497586eb218c6b0d5d76~mv2.png/v1/fill/w_969,h_685,al_c,q_90,usm_0.66_1.00_0.01,enc_auto/FireDaemon%20Pro%205%20Service%20Definition.png HTTP/1.1Host: static.wixstatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /media/9fb53e_8dcfc3c797a44c8d9c13ea5ea1ecf0c1~mv2.png/v1/crop/x_14,y_4,w_410,h_92/fill/w_53,h_12,al_c,q_85,usm_0.66_1.00_0.01,blur_2,enc_auto/_edited.png HTTP/1.1Host: static.wixstatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_partials/wix-thunderbolt/dist/clientWorker.40b4c8e8.bundle.min.js HTTP/1.1Host: www.firedaemon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.firedaemon.com/download-firedaemon-proAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ssr-caching=cache#desc=hit#varnish=hit_miss#dc#desc=fastly_42_g
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/thunderbolt-commons.e52856fd.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/main.f384254e.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/main.renderer.1d21f023.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /unpkg/lodash@4.17.21/lodash.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_api/v2/dynamicmodel HTTP/1.1Host: www.firedaemon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ssr-caching=cache#desc=hit#varnish=hit_miss#dc#desc=fastly_42_g; hs=-689563831; svSession=a33e84985dd23c337a3be863a9d3dc4d191a7943130ecdcf5f1ffee6b4891d6a18ea53258d7963722742c9e1be5f36831e60994d53964e647acf431e4f798bcd0a16ffe2a597a4922190771dee40ec8c22d3636624349237d8e5269f0c0c0562cba328ffd4262f53a39f93b3dc2fb8ff63e69003171e35e57857d138c0d0b03bb51a28d25136bb4522de2b10e00233fc; XSRF-TOKEN=1716768866|Qc5tBMh-1j6R
Source: global traffic HTTP traffic detected: GET /unpkg/react@18.3.1/umd/react.production.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /unpkg/react-dom@18.3.1/umd/react-dom.production.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/tag-manager-client/1.841.0/siteTags.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-perf-measure/1.1095.0/wix-perf-measure.umd.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/group_7.bae0ce0c.chunk.min.css HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/thunderbolt-components-registry.0ad4b1bd.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/group_2.7970a84d.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/assetsLoader.5306d285.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_partials/wix-thunderbolt/dist/mainSdks.b078babc.chunk.min.js HTTP/1.1Host: www.firedaemon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.firedaemon.com/_partials/wix-thunderbolt/dist/clientWorker.40b4c8e8.bundle.min.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ssr-caching=cache#desc=hit#varnish=hit_miss#dc#desc=fastly_42_g; hs=-689563831; svSession=a33e84985dd23c337a3be863a9d3dc4d191a7943130ecdcf5f1ffee6b4891d6a18ea53258d7963722742c9e1be5f36831e60994d53964e647acf431e4f798bcd0a16ffe2a597a4922190771dee40ec8c22d3636624349237d8e5269f0c0c0562cba328ffd4262f53a39f93b3dc2fb8ff63e69003171e35e57857d138c0d0b03bb51a28d25136bb4522de2b10e00233fc; XSRF-TOKEN=1716768866|Qc5tBMh-1j6R
Source: global traffic HTTP traffic detected: GET /_partials/wix-thunderbolt/dist/nonMainSdks.725f9808.chunk.min.js HTTP/1.1Host: www.firedaemon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.firedaemon.com/_partials/wix-thunderbolt/dist/clientWorker.40b4c8e8.bundle.min.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ssr-caching=cache#desc=hit#varnish=hit_miss#dc#desc=fastly_42_g; hs=-689563831; svSession=a33e84985dd23c337a3be863a9d3dc4d191a7943130ecdcf5f1ffee6b4891d6a18ea53258d7963722742c9e1be5f36831e60994d53964e647acf431e4f798bcd0a16ffe2a597a4922190771dee40ec8c22d3636624349237d8e5269f0c0c0562cba328ffd4262f53a39f93b3dc2fb8ff63e69003171e35e57857d138c0d0b03bb51a28d25136bb4522de2b10e00233fc; XSRF-TOKEN=1716768866|Qc5tBMh-1j6R
Source: global traffic HTTP traffic detected: GET /media/9fb53e_8dcfc3c797a44c8d9c13ea5ea1ecf0c1~mv2.png/v1/crop/x_14,y_4,w_410,h_92/fill/w_53,h_12,al_c,q_85,usm_0.66_1.00_0.01,blur_2,enc_auto/_edited.png HTTP/1.1Host: static.wixstatic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /media/dc9a59_9354b886e1e4435e939e6ec92ac3c300~mv2.png/v1/fill/w_227,h_48,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/dc9a59_9354b886e1e4435e939e6ec92ac3c300~mv2.png HTTP/1.1Host: static.wixstatic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /media/9fb53e_c1dbd252bf624832bdc6aefec454cbd1~mv2.png/v1/crop/x_0,y_15,w_1059,h_221/fill/w_297,h_62,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/FireDaemon%20Logo.png HTTP/1.1Host: static.wixstatic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /media/9fb53e_d6b5d9866444497586eb218c6b0d5d76~mv2.png/v1/fill/w_969,h_685,al_c,q_90,usm_0.66_1.00_0.01,enc_auto/FireDaemon%20Pro%205%20Service%20Definition.png HTTP/1.1Host: static.wixstatic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/group_3.bdb67127.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/componentsLoader.f9ff2baa.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/group_7.d83ad24e.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/ooi.aaf1fd25.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/group_4.8bb74093.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/group_5.2a9c5494.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_partials/wix-thunderbolt/dist/nonMainSdks.725f9808.chunk.min.js HTTP/1.1Host: www.firedaemon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ssr-caching=cache#desc=hit#varnish=hit_miss#dc#desc=fastly_42_g; hs=-689563831; svSession=a33e84985dd23c337a3be863a9d3dc4d191a7943130ecdcf5f1ffee6b4891d6a18ea53258d7963722742c9e1be5f36831e60994d53964e647acf431e4f798bcd0a16ffe2a597a4922190771dee40ec8c22d3636624349237d8e5269f0c0c0562cba328ffd4262f53a39f93b3dc2fb8ff63e69003171e35e57857d138c0d0b03bb51a28d25136bb4522de2b10e00233fc; XSRF-TOKEN=1716768866|Qc5tBMh-1j6R
Source: global traffic HTTP traffic detected: GET /_partials/wix-thunderbolt/dist/mainSdks.b078babc.chunk.min.js HTTP/1.1Host: www.firedaemon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ssr-caching=cache#desc=hit#varnish=hit_miss#dc#desc=fastly_42_g; hs=-689563831; svSession=a33e84985dd23c337a3be863a9d3dc4d191a7943130ecdcf5f1ffee6b4891d6a18ea53258d7963722742c9e1be5f36831e60994d53964e647acf431e4f798bcd0a16ffe2a597a4922190771dee40ec8c22d3636624349237d8e5269f0c0c0562cba328ffd4262f53a39f93b3dc2fb8ff63e69003171e35e57857d138c0d0b03bb51a28d25136bb4522de2b10e00233fc; XSRF-TOKEN=1716768866|Qc5tBMh-1j6R
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/group_43.fac77ec7.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/cyclicTabbing.e156be92.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/environmentWixCodeSdk.7690a40b.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/group_21.1bba0ca2.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/popups.efc78062.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/panorama.051dc072.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/routerFetch.70b8c8ff.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/group_6.57661fd7.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/siteMembers.0d22f791.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/group_9.857f66a1.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/passwordProtectedPage.1d2bf9a9.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/tslib.inline.affe2026.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fDoofKTR9ZkapHv&MD=aO1Z537k HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/tpaCommons.0e16a51b.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/group_23.1cf2f055.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/platform.34e40fe4.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_api/tag-manager/api/v1/tags/sites/49d14df4-afe2-4e62-83bc-650176825a35?wixSite=false&htmlsiteId=966392eb-b72e-4748-adc9-c5effa72ecbf&language=en&partytown=false HTTP/1.1Host: www.firedaemon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"content-type: application/jsonsec-ch-ua-mobile: ?0authorization: 05S2CUFXEgdB2hDG16mdRzmMuM8wZjgsF2JzF5HPeTI.eyJpbnN0YW5jZUlkIjoiNDlkMTRkZjQtYWZlMi00ZTYyLTgzYmMtNjUwMTc2ODI1YTM1IiwiYXBwRGVmSWQiOiIyMmJlZjM0NS0zYzViLTRjMTgtYjc4Mi03NGQ0MDg1MTEyZmYiLCJtZXRhU2l0ZUlkIjoiNDlkMTRkZjQtYWZlMi00ZTYyLTgzYmMtNjUwMTc2ODI1YTM1Iiwic2lnbkRhdGUiOiIyMDI0LTA1LTI3VDAwOjE0OjI2LjcyNloiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjM4YTE1MDcwLTdmZGQtNGRlMC1hZWFjLTVlYjEyYTMyNDAzNCIsInNpdGVPd25lcklkIjoiOWZiNTNlNDUtMDA0YS00YjVlLTkyNTEtMDExMzk4NDdmZjViIn0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.firedaemon.com/download-firedaemon-proAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ssr-caching=cache#desc=hit#varnish=hit_miss#dc#desc=fastly_42_g; hs=-689563831; svSession=a33e84985dd23c337a3be863a9d3dc4d191a7943130ecdcf5f1ffee6b4891d6a18ea53258d7963722742c9e1be5f36831e60994d53964e647acf431e4f798bcd0a16ffe2a597a4922190771dee40ec8c22d3636624349237d8e5269f0c0c0562cba328ffd4262f53a39f93b3dc2fb8ff63e69003171e35e57857d138c0d0b03bb51a28d25136bb4522de2b10e00233fc; XSRF-TOKEN=1716768866|Qc5tBMh-1j6R; bSession=0627d659-1bf8-4f4a-a708-e9783f65564e|1
Source: global traffic HTTP traffic detected: GET /services/editor-elements/1.12119.0/rb_wixui.corvid.manifest.min.json HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Origin: https://www.firedaemon.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements/1.12119.0/rb_dsgnsys.corvid.manifest.min.json HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Origin: https://www.firedaemon.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements/1.12119.0/rb_wixui.thunderbolt.manifest.min.json HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.firedaemon.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/auto-frontend-modules/1.4827.0/webworker/manifest-worker.min.json HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Origin: https://www.firedaemon.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements/1.12119.0/rb_dsgnsys.thunderbolt.manifest.min.json HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.firedaemon.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/reporter-api.f78ab811.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pages/pages/thunderbolt?appDefinitionIdToSiteRevision=%7B%2214271d6f-ba62-d045-549b-ab972ae1f70e%22%3A%2225%22%2C%2214bcded7-0066-7c35-14d7-466cb3f09103%22%3A%221216%22%2C%221522827f-c56c-a5c9-2ac9-00f9e6ae12d3%22%3A%221806%22%7D&beckyExperiments=specs.thunderbolt.compCssMappers_catharsis%3Atrue%2Cspecs.thunderbolt.supportSpxInEEMappers%3Atrue%2Cspecs.thunderbolt.one_cell_grid_display_flex%3Atrue%2Cspecs.thunderbolt.MediaContainerAndPageBackgroundMapper%3Atrue%2Cspecs.thunderbolt.minWidthFromLayout%3Atrue%2Cspecs.thunderbolt.root_components_carmi%3Atrue%2Cspecs.thunderbolt.edixIsInFirstFold%3Atrue%2Cspecs.thunderbolt.proGalleryMasterInfo%3Atrue%2Cspecs.thunderbolt.app_reflow_with_lightboxes%3Atrue%2Cspecs.thunderbolt.DatePickerPortal%3Atrue%2Cspecs.thunderbolt.wixSitesFontDisplaySwap%3Atrue%2Cspecs.thunderbolt.facebookVideoPlayerDimensions%3Atrue%2Cspecs.thunderbolt.useElementoryRelativePath%3Atrue%2Cspecs.thunderbolt.fixVectorImageShouldScaleStroke%3Atrue%2Cspecs.thunderbolt.render_all_tabs%3Atrue%2Cspecs.thunderbolt.opacityTransition%3Atrue%2Cspecs.thunderbolt.mesh_css_catharsis%3Atrue%2Cspecs.thunderbolt.DDMenuMigrateCssCarmiMapper%3Atrue%2Cspecs.thunderbolt.FontDisplaySwap%3Atrue%2Cspecs.thunderbolt.UseWixDataItemService%3Atrue%2Cspecs.thunderbolt.fiveGridLineStudioSkins%3Atrue%2Cspecs.thunderbolt.TPA3DGalleryEEUrl%3Atrue%2Cspecs.thunderbolt.allowWEBPTransformation%3Atrue%2Cspecs.thunderbolt.carouselGalleryImageFitting%3Atrue%2Cspecs.thunderbolt.useNewImageParallax%3Atrue%2Cspecs.thunderbolt.accordionHeightAuto%3Atrue%2Cspecs.thunderbolt.fixResponsiveBoxContainerLayoutClass%3Atrue%2Cspecs.thunderbolt.fetch_widget_iteratively%3Atrue%2Cspecs.thunderbolt.TextInputAutoFillFix%3Atrue&contentType=application%2Fjson&cssPerBreakpointWidgetIds=a63a5215-8aa6-42af-96b1-583bfd74cff5%2C13afb094-84f9-739f-44fd-78d036adb028%2C139a41fd-0b1d-975f-6f67-e8cbdf8ccc82%2C1380bba0-253e-a800-a235-88821cf3f8a4%2Cbda15dc1-816d-4ff3-8dcb-
1172d5343cce%2C44c66af6-4d25-485a-ad9d-385f5460deef%2C80a3bd56-82b4-4193-8bb4-b7cb0f3f1830%2C15293875-09d7-6913-a093-084a9b6ae7f4%2C14cefc05-d163-dbb7-e4ec-cd4f2c4d6ddd%2C14dd1af6-3e02-63db-0ef2-72fbc7cc3136%2C14dbefb9-3b7b-c4e9-53e8-766defd30587&dfCk=6&dfVersion=1.3436.0&editorName=Unknown&experiments=bv_remove_add_chat_viewer_fixer%2Cdm_migrateResponsiveSectionStyleItemToDesign%2Cdm_onlyRerunWhenFixerRequiresReruns%2Cdm_screenInBehaviorsToEntranceEffectsFixer%2Cdm_stopMasterpageFixerLoop&externalBaseUrl=https%3A%2F%2Fwww.firedaemon.com&fileId=d7b8999f.bundle.min&formFactor=desktop&hasTPAWorkerOnSite=false&isHttps=true&isInSeo=false&isPremiumDomain=true&isUrlMigrated=true&isWixCodeOnPage=false&isWixCodeOnSite=false&language=en&metaSiteId=49d14df4-afe2-4e62-83bc-650176825a35&migratingToOoiWidgetIds=14fd5970-8072-c276-1246-058b79e70c1a&module=thunderbolt-platform&originalLanguage=en&pageId=9fb53e_c4cc778c5c415d1b382d3213b70d3726_5065.json&quickActionsMenuEnabled=false&registryLibrariesTopology=%5B%7B%22artifactId%22%3A%22editor-ele
Source: global traffic HTTP traffic detected: GET /pages/pages/thunderbolt?appDefinitionIdToSiteRevision=%7B%2214271d6f-ba62-d045-549b-ab972ae1f70e%22%3A%2225%22%2C%2214bcded7-0066-7c35-14d7-466cb3f09103%22%3A%221216%22%2C%221522827f-c56c-a5c9-2ac9-00f9e6ae12d3%22%3A%221806%22%7D&beckyExperiments=specs.thunderbolt.compCssMappers_catharsis%3Atrue%2Cspecs.thunderbolt.supportSpxInEEMappers%3Atrue%2Cspecs.thunderbolt.one_cell_grid_display_flex%3Atrue%2Cspecs.thunderbolt.MediaContainerAndPageBackgroundMapper%3Atrue%2Cspecs.thunderbolt.minWidthFromLayout%3Atrue%2Cspecs.thunderbolt.root_components_carmi%3Atrue%2Cspecs.thunderbolt.edixIsInFirstFold%3Atrue%2Cspecs.thunderbolt.proGalleryMasterInfo%3Atrue%2Cspecs.thunderbolt.app_reflow_with_lightboxes%3Atrue%2Cspecs.thunderbolt.DatePickerPortal%3Atrue%2Cspecs.thunderbolt.wixSitesFontDisplaySwap%3Atrue%2Cspecs.thunderbolt.facebookVideoPlayerDimensions%3Atrue%2Cspecs.thunderbolt.useElementoryRelativePath%3Atrue%2Cspecs.thunderbolt.fixVectorImageShouldScaleStroke%3Atrue%2Cspecs.thunderbolt.render_all_tabs%3Atrue%2Cspecs.thunderbolt.opacityTransition%3Atrue%2Cspecs.thunderbolt.mesh_css_catharsis%3Atrue%2Cspecs.thunderbolt.DDMenuMigrateCssCarmiMapper%3Atrue%2Cspecs.thunderbolt.FontDisplaySwap%3Atrue%2Cspecs.thunderbolt.UseWixDataItemService%3Atrue%2Cspecs.thunderbolt.fiveGridLineStudioSkins%3Atrue%2Cspecs.thunderbolt.TPA3DGalleryEEUrl%3Atrue%2Cspecs.thunderbolt.allowWEBPTransformation%3Atrue%2Cspecs.thunderbolt.carouselGalleryImageFitting%3Atrue%2Cspecs.thunderbolt.useNewImageParallax%3Atrue%2Cspecs.thunderbolt.accordionHeightAuto%3Atrue%2Cspecs.thunderbolt.fixResponsiveBoxContainerLayoutClass%3Atrue%2Cspecs.thunderbolt.fetch_widget_iteratively%3Atrue%2Cspecs.thunderbolt.TextInputAutoFillFix%3Atrue&contentType=application%2Fjson&cssPerBreakpointWidgetIds=a63a5215-8aa6-42af-96b1-583bfd74cff5%2C13afb094-84f9-739f-44fd-78d036adb028%2C139a41fd-0b1d-975f-6f67-e8cbdf8ccc82%2C1380bba0-253e-a800-a235-88821cf3f8a4%2Cbda15dc1-816d-4ff3-8dcb-
1172d5343cce%2C44c66af6-4d25-485a-ad9d-385f5460deef%2C80a3bd56-82b4-4193-8bb4-b7cb0f3f1830%2C15293875-09d7-6913-a093-084a9b6ae7f4%2C14cefc05-d163-dbb7-e4ec-cd4f2c4d6ddd%2C14dd1af6-3e02-63db-0ef2-72fbc7cc3136%2C14dbefb9-3b7b-c4e9-53e8-766defd30587&deviceType=Desktop&dfCk=6&dfVersion=1.3436.0&disableStaticPagesUrlHierarchy=false&editorName=Unknown&experiments=bv_remove_add_chat_viewer_fixer%2Cdm_migrateResponsiveSectionStyleItemToDesign%2Cdm_onlyRerunWhenFixerRequiresReruns%2Cdm_screenInBehaviorsToEntranceEffectsFixer%2Cdm_stopMasterpageFixerLoop&externalBaseUrl=https%3A%2F%2Fwww.firedaemon.com&fileId=a7152c52.bundle.min&formFactor=desktop&hasTPAWorkerOnSite=false&isHttps=true&isInSeo=false&isMultilingualEnabled=true&isPremiumDomain=true&isTrackClicksAnalyticsEnabled=false&isUrlMigrated=true&isWixCodeOnPage=false&isWixCodeOnSite=false&language=en&languageResolutionMethod=QueryParam&metaSiteId=49d14df4-afe2-4e62-83bc-650176825a35&migratingToOoiWidgetIds=14fd5970-8072-c276-1246-058b79e70c1a&module=thunderbolt-features&originalLanguage
Source: global traffic HTTP traffic detected: GET /media/9fb53e_29262b12e52742e182bf1ddc1ac9a866~mv2.png/v1/fill/w_32%2Ch_32%2Clg_1%2Cusm_0.66_1.00_0.01/9fb53e_29262b12e52742e182bf1ddc1ac9a866~mv2.png HTTP/1.1Host: static.wixstatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pages/pages/thunderbolt?appDefinitionIdToSiteRevision=%7B%2214271d6f-ba62-d045-549b-ab972ae1f70e%22%3A%2225%22%2C%2214bcded7-0066-7c35-14d7-466cb3f09103%22%3A%221216%22%2C%221522827f-c56c-a5c9-2ac9-00f9e6ae12d3%22%3A%221806%22%7D&beckyExperiments=specs.thunderbolt.compCssMappers_catharsis%3Atrue%2Cspecs.thunderbolt.supportSpxInEEMappers%3Atrue%2Cspecs.thunderbolt.one_cell_grid_display_flex%3Atrue%2Cspecs.thunderbolt.MediaContainerAndPageBackgroundMapper%3Atrue%2Cspecs.thunderbolt.minWidthFromLayout%3Atrue%2Cspecs.thunderbolt.root_components_carmi%3Atrue%2Cspecs.thunderbolt.edixIsInFirstFold%3Atrue%2Cspecs.thunderbolt.proGalleryMasterInfo%3Atrue%2Cspecs.thunderbolt.app_reflow_with_lightboxes%3Atrue%2Cspecs.thunderbolt.DatePickerPortal%3Atrue%2Cspecs.thunderbolt.wixSitesFontDisplaySwap%3Atrue%2Cspecs.thunderbolt.facebookVideoPlayerDimensions%3Atrue%2Cspecs.thunderbolt.useElementoryRelativePath%3Atrue%2Cspecs.thunderbolt.fixVectorImageShouldScaleStroke%3Atrue%2Cspecs.thunderbolt.render_all_tabs%3Atrue%2Cspecs.thunderbolt.opacityTransition%3Atrue%2Cspecs.thunderbolt.mesh_css_catharsis%3Atrue%2Cspecs.thunderbolt.DDMenuMigrateCssCarmiMapper%3Atrue%2Cspecs.thunderbolt.FontDisplaySwap%3Atrue%2Cspecs.thunderbolt.UseWixDataItemService%3Atrue%2Cspecs.thunderbolt.fiveGridLineStudioSkins%3Atrue%2Cspecs.thunderbolt.TPA3DGalleryEEUrl%3Atrue%2Cspecs.thunderbolt.allowWEBPTransformation%3Atrue%2Cspecs.thunderbolt.carouselGalleryImageFitting%3Atrue%2Cspecs.thunderbolt.useNewImageParallax%3Atrue%2Cspecs.thunderbolt.accordionHeightAuto%3Atrue%2Cspecs.thunderbolt.fixResponsiveBoxContainerLayoutClass%3Atrue%2Cspecs.thunderbolt.fetch_widget_iteratively%3Atrue%2Cspecs.thunderbolt.TextInputAutoFillFix%3Atrue&contentType=application%2Fjson&cssPerBreakpointWidgetIds=a63a5215-8aa6-42af-96b1-583bfd74cff5%2C13afb094-84f9-739f-44fd-78d036adb028%2C139a41fd-0b1d-975f-6f67-e8cbdf8ccc82%2C1380bba0-253e-a800-a235-88821cf3f8a4%2Cbda15dc1-816d-4ff3-8dcb-
1172d5343cce%2C44c66af6-4d25-485a-ad9d-385f5460deef%2C80a3bd56-82b4-4193-8bb4-b7cb0f3f1830%2C15293875-09d7-6913-a093-084a9b6ae7f4%2C14cefc05-d163-dbb7-e4ec-cd4f2c4d6ddd%2C14dd1af6-3e02-63db-0ef2-72fbc7cc3136%2C14dbefb9-3b7b-c4e9-53e8-766defd30587&dfCk=6&dfVersion=1.3436.0&editorName=Unknown&experiments=bv_remove_add_chat_viewer_fixer%2Cdm_migrateResponsiveSectionStyleItemToDesign%2Cdm_onlyRerunWhenFixerRequiresReruns%2Cdm_screenInBehaviorsToEntranceEffectsFixer%2Cdm_stopMasterpageFixerLoop&externalBaseUrl=https%3A%2F%2Fwww.firedaemon.com&fileId=d7b8999f.bundle.min&formFactor=desktop&hasTPAWorkerOnSite=false&isHttps=true&isInSeo=false&isPremiumDomain=true&isUrlMigrated=true&isWixCodeOnPage=false&isWixCodeOnSite=false&language=en&metaSiteId=49d14df4-afe2-4e62-83bc-650176825a35&migratingToOoiWidgetIds=14fd5970-8072-c276-1246-058b79e70c1a&module=thunderbolt-platform&originalLanguage=en&pageId=9fb53e_220120ee4a2a712ea04fc0d44462ca3b_5065.json&quickActionsMenuEnabled=false&registryLibrariesTopology=%5B%7B%22artifactId%22%3A%22editor-ele
Source: global traffic HTTP traffic detected: GET /services/auto-frontend-modules/dist/webworker/auto-frontend-modules.0e3e917b.umd.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Origin: https://www.firedaemon.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/group_0.fbab12aa.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/Fallback.corvid.6c607819.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/group_28.d2676dae.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/animations.17323c3a.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/group_29.c1c953ff.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/auto-frontend-modules/1.4827.0/webworker/manifest-worker.min.json HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements/1.12119.0/rb_dsgnsys.corvid.manifest.min.json HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_api/tag-manager/api/v1/tags/sites/49d14df4-afe2-4e62-83bc-650176825a35?wixSite=false&htmlsiteId=966392eb-b72e-4748-adc9-c5effa72ecbf&language=en&partytown=false HTTP/1.1Host: www.firedaemon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ssr-caching=cache#desc=hit#varnish=hit_miss#dc#desc=fastly_42_g; hs=-689563831; svSession=a33e84985dd23c337a3be863a9d3dc4d191a7943130ecdcf5f1ffee6b4891d6a18ea53258d7963722742c9e1be5f36831e60994d53964e647acf431e4f798bcd0a16ffe2a597a4922190771dee40ec8c22d3636624349237d8e5269f0c0c0562cba328ffd4262f53a39f93b3dc2fb8ff63e69003171e35e57857d138c0d0b03bb51a28d25136bb4522de2b10e00233fc; XSRF-TOKEN=1716768866|Qc5tBMh-1j6R; bSession=0627d659-1bf8-4f4a-a708-e9783f65564e|1
Source: global traffic HTTP traffic detected: GET /services/editor-elements/1.12119.0/rb_wixui.corvid.manifest.min.json HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements/1.12119.0/rb_dsgnsys.thunderbolt.manifest.min.json HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements/1.12119.0/rb_wixui.thunderbolt.manifest.min.json HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /media/9fb53e_29262b12e52742e182bf1ddc1ac9a866~mv2.png/v1/fill/w_32%2Ch_32%2Clg_1%2Cusm_0.66_1.00_0.01/9fb53e_29262b12e52742e182bf1ddc1ac9a866~mv2.png HTTP/1.1Host: static.wixstatic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements-library/dist/corvid/rb_wixui.corvid~core.01272345.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Origin: https://www.firedaemon.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/group_25.7800adf7.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/windowScroll.bc5f1bd7.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/cookie-consent-banner-for-uou/1.730.0//app.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements-library/dist/thunderbolt/rb_wixui.thunderbolt_bootstrap-classic.3bf2ca42.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/auto-frontend-modules/dist/webworker/auto-frontend-modules.0e3e917b.umd.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements-library/dist/thunderbolt/rb_wixui.thunderbolt_bootstrap-responsive.f13e03d3.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/wix-thunderbolt/dist/group_33.f6f5fc64.chunk.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.firedaemon.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements-library/dist/thunderbolt/rb_wixui.thunderbolt_bootstrap.8949600c.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements-library/dist/thunderbolt/rb_wixui.thunderbolt[SkipToContentButton].a2d57d10.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements-library/dist/thunderbolt/rb_wixui.thunderbolt[ClassicSection].cf7b0755.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements-library/dist/corvid/rb_wixui.corvid_bootstrap.052fc540.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Origin: https://www.firedaemon.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_serverless/cookie-consent-settings-serverless/v1/cookie-banner-settings?languageCode=en HTTP/1.1Host: www.firedaemon.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36authorization: pyoUA-rk-a-RSPI5xbNTpv-KZC8cDhP1UdHoPSvwy9Q.eyJpbnN0YW5jZUlkIjoiYzg0ZmQ0YzUtNzkzOS00YWM4LWIxZWYtMDlkMTBlMzJlYzFmIiwiYXBwRGVmSWQiOiJmMTA1YmExNi02YjdhLTRiNTItYTJlNS03MTJiZGM3NDlmNzYiLCJtZXRhU2l0ZUlkIjoiNDlkMTRkZjQtYWZlMi00ZTYyLTgzYmMtNjUwMTc2ODI1YTM1Iiwic2lnbkRhdGUiOiIyMDI0LTA1LTI3VDAwOjE0OjI2LjcyNloiLCJkZW1vTW9kZSI6ZmFsc2UsImFpZCI6IjM4YTE1MDcwLTdmZGQtNGRlMC1hZWFjLTVlYjEyYTMyNDAzNCIsImJpVG9rZW4iOiI4MTllOTkzMS1kNmRiLTA0YWEtMzI1My02Y2QwNzhiMGI2MmEiLCJzaXRlT3duZXJJZCI6IjlmYjUzZTQ1LTAwNGEtNGI1ZS05MjUxLTAxMTM5ODQ3ZmY1YiJ9x-wix-client-artifact-id: cookie-consent-banner-for-uousec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.firedaemon.com/download-firedaemon-proAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ssr-caching=cache#desc=hit#varnish=hit_miss#dc#desc=fastly_42_g; hs=-689563831; svSession=a33e84985dd23c337a3be863a9d3dc4d191a7943130ecdcf5f1ffee6b4891d6a18ea53258d7963722742c9e1be5f36831e60994d53964e647acf431e4f798bcd0a16ffe2a597a4922190771dee40ec8c22d3636624349237d8e5269f0c0c0562cba328ffd4262f53a39f93b3dc2fb8ff63e69003171e35e57857d138c0d0b03bb51a28d25136bb4522de2b10e00233fc; XSRF-TOKEN=1716768866|Qc5tBMh-1j6R; bSession=0627d659-1bf8-4f4a-a708-e9783f65564e|1
Source: global traffic HTTP traffic detected: GET /services/editor-elements-library/dist/corvid/rb_wixui.corvid[DropDownMenu].b6729126.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Origin: https://www.firedaemon.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements-library/dist/corvid/rb_wixui.corvid[Column].bad593e0.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Origin: https://www.firedaemon.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements-library/dist/corvid/rb_wixui.corvid~core.01272345.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements-library/dist/corvid/rb_wixui.corvid[ClassicSection].8e2d6593.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Origin: https://www.firedaemon.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /6.18.2/bundle.min.js HTTP/1.1Host: browser.sentry-cdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_serverless/cookie-consent-settings-serverless/v1/cookie-banner-settings?languageCode=en HTTP/1.1Host: www.firedaemon.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ssr-caching=cache#desc=hit#varnish=hit_miss#dc#desc=fastly_42_g; hs=-689563831; svSession=a33e84985dd23c337a3be863a9d3dc4d191a7943130ecdcf5f1ffee6b4891d6a18ea53258d7963722742c9e1be5f36831e60994d53964e647acf431e4f798bcd0a16ffe2a597a4922190771dee40ec8c22d3636624349237d8e5269f0c0c0562cba328ffd4262f53a39f93b3dc2fb8ff63e69003171e35e57857d138c0d0b03bb51a28d25136bb4522de2b10e00233fc; XSRF-TOKEN=1716768866|Qc5tBMh-1j6R; bSession=0627d659-1bf8-4f4a-a708-e9783f65564e|1; _ga_L7W6G4PX5L=GS1.1.1716768873.1.0.1716768873.0.0.0; _ga=GA1.1.525207715.1716768874
Source: global traffic HTTP traffic detected: GET /services/editor-elements-library/dist/corvid/rb_wixui.corvid_bootstrap.052fc540.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements-library/dist/corvid/rb_wixui.corvid[DropDownMenu].b6729126.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements-library/dist/corvid/rb_wixui.corvid[Column].bad593e0.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /services/editor-elements-library/dist/corvid/rb_wixui.corvid[ClassicSection].8e2d6593.bundle.min.js HTTP/1.1Host: static.parastorage.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: update.firedaemon.com
Source: global traffic DNS traffic detected: DNS query: www.firedaemon.com
Source: global traffic DNS traffic detected: DNS query: static.parastorage.com
Source: global traffic DNS traffic detected: DNS query: static.wixstatic.com
Source: global traffic DNS traffic detected: DNS query: siteassets.parastorage.com
Source: global traffic DNS traffic detected: DNS query: frog.wix.com
Source: global traffic DNS traffic detected: DNS query: panorama.wixapps.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: browser.sentry-cdn.com
Source: unknown HTTP traffic detected: POST /api/v1/bulklog HTTP/1.1Host: panorama.wixapps.netConnection: keep-aliveContent-Length: 496sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://www.firedaemon.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.firedaemon.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: FireDaemonUI.exe, 00000013.00000002.3267982836.000002514E689000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateSerhPjNQ
Source: FireDaemonCLI.exe, 0000000F.00000003.2317497073.0000023BF8F1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2031736336.0000000008577000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2206000973.0000000008DB1000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2317497073.0000023BF8EDC000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2316696902.0000023BF8F04000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2317458420.0000023BF8F2C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000002.2394516468.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2393869391.0000000000C1F000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2317497073.0000023BF8EDC000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000002.2375643153.0000023BF8EDB000.00000004.00000020.00020000.00000000.sdmp, FireDaemonUI.exe, 00000013.00000002.3267982836.000002514E660000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: FireDaemonCLI.exe, 0000000F.00000003.2317497073.0000023BF8F1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl4_
Source: FireDaemonCLI.exe, 0000000F.00000003.2317497073.0000023BF8F1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2031736336.0000000008577000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2393266704.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2391932135.0000000008DA1000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2393805041.0000000008DB0000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000002.2397325966.0000000008DA5000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2206112930.0000000008DB0000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2209455981.0000000008DB1000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000002.2394667729.0000000000C6A000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2392799433.0000000000C5A000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000002.2397356348.0000000008DB0000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2392549465.0000000000C57000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2392197843.0000000008DB1000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2393405043.0000000000C66000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2206000973.0000000008DB1000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2317497073.0000023BF8EDC000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 
0000000F.00000003.2317497073.0000023BF8F1A000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2316696902.0000023BF8F04000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000002.2375643153.0000023BF8EDB000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2317458420.0000023BF8F2C000.00000004.00000020.00020000.00000000.sdmp, FireDaemonUI.exe, 00000013.00000002.3267982836.000002514E689000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
Source: FireDaemonCLI.exe, 0000000F.00000003.2317497073.0000023BF8F1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2031736336.0000000008577000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2317497073.0000023BF8EDC000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2316696902.0000023BF8F04000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2317458420.0000023BF8F2C000.00000004.00000020.00020000.00000000.sdmp, FireDaemonUI.exe, 00000013.00000002.3267982836.000002514E689000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: FireDaemonCLI.exe, 0000000F.00000003.2317497073.0000023BF8F1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crlJW
Source: FireDaemonCLI.exe, 0000000F.00000003.2317497073.0000023BF8F1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl
Source: FireDaemonUI.exe, 00000013.00000002.3267982836.000002514E660000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com/download-firedaemon-pro(a
Source: FireDaemonUI.exe, 00000013.00000003.2814696705.000002514C8AE000.00000004.00000020.00020000.00000000.sdmp, FireDaemonUI.exe, 00000013.00000002.3267019362.000002514C8AE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com/download-firedaemon-pro/
Source: FireDaemonUI.exe, 00000013.00000002.3267982836.000002514E660000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com/download-firedaemon-proQd
Source: FireDaemonUI.exe, 00000013.00000003.2484696778.000002514E6D1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com/download-firedaemon-proay
Source: FireDaemonUI.exe, 00000013.00000002.3268649568.000002514E706000.00000004.00000020.00020000.00000000.sdmp, FireDaemonUI.exe, 00000013.00000003.2815108479.000002514E703000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com/download-firedaemon-prog;
Source: FireDaemonUI.exe, 00000013.00000003.2484586838.000002514E74B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com/download-firedaemon-proi
Source: FireDaemonUI.exe, 00000013.00000003.2484696778.000002514E70F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com/download-firedaemon-promf
Source: FireDaemonUI.exe, 00000013.00000002.3267982836.000002514E660000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com/download-firedaemon-proqc
Source: FireDaemonUI.exe, 00000013.00000002.3267982836.000002514E6B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com/download-firedaemon-protCookiesU
Source: FireDaemonUI.exe, 00000012.00000000.2437318973.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000012.00000002.2445808824.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000013.00000000.2441671152.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000013.00000002.3274630585.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe.0.dr String found in binary or memory: https://www.firedaemon.com/get-firedaemon-zeroUI0DetectThe
Source: FireDaemonUI.exe, 00000012.00000000.2437318973.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000012.00000002.2445808824.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000013.00000000.2441671152.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000013.00000002.3274630585.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe.0.dr String found in binary or memory: https://www.firedaemon.com/howto-migrate-firedaemon-pro-3Advapi32.dllRegOpenKeyTransactedW
Source: FireDaemonUI.exe, 00000013.00000002.3267019362.000002514C86C000.00000004.00000020.00020000.00000000.sdmp, FireDaemonUI.exe, 00000013.00000003.2814696705.000002514C86C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com/pricing
Source: FireDaemonUI.exe, 00000013.00000002.3267019362.000002514C86C000.00000004.00000020.00020000.00000000.sdmp, FireDaemonUI.exe, 00000013.00000003.2814696705.000002514C86C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com/pricing.dll.mui
Source: FireDaemonCLI.exe, 0000000F.00000002.2375643153.0000023BF8EDB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com/pricingay:Sat:Saturday
Source: FireDaemonCLI.exe, 0000000F.00000002.2375643153.0000023BF8EDB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com/pricingu
Source: FireDaemonCLI.exe, 0000000F.00000002.2375643153.0000023BF8EDB000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2369707156.0000023BF8F32000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2369742925.0000023BF8F3F000.00000004.00000020.00020000.00000000.sdmp, FireDaemonUI.exe, 00000013.00000002.3267019362.000002514C86C000.00000004.00000020.00020000.00000000.sdmp, FireDaemonUI.exe, 00000013.00000003.2814696705.000002514C86C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com/support
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com/supportButtonText_Repair&RepairAiPreferFastOemProductLanguage1033ProductV
Source: FireDaemonUI.exe, 00000012.00000000.2437318973.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000012.00000002.2445808824.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000013.00000000.2441671152.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000013.00000002.3274630585.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe.0.dr String found in binary or memory: https://www.firedaemon.com/supportCannot
Source: FireDaemonCLI.exe, 0000000F.00000002.2375643153.0000023BF8EDB000.00000004.00000020.00020000.00000000.sdmp, FireDaemonUI.exe, 00000013.00000002.3267019362.000002514C86C000.00000004.00000020.00020000.00000000.sdmp, FireDaemonUI.exe, 00000013.00000003.2814696705.000002514C86C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com/supportay:Sat:Saturday
Source: FireDaemonCLI.exe, 0000000F.00000002.2377347366.00007FF8A7AFB000.00000002.00000001.01000000.0000000D.sdmp, FireDaemonUI.exe, 00000012.00000002.2450039135.00007FF8A7AFB000.00000002.00000001.01000000.0000000D.sdmp, FireDaemonUI.exe, 00000013.00000002.3277133863.00007FF8A7AFB000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.firedaemon.com/supportwww.firedaemon.com/pricinghttps://www.firedaemon.com/pricing
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000002.2394809309.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000002.2394516468.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2392799433.0000000000CA4000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2393869391.0000000000C1F000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2393266704.0000000000CA4000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2393365744.0000000000CAD000.00000004.00000020.00020000.00000000.sdmp, FireDaemonUI.exe, 00000012.00000000.2437318973.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000012.00000002.2445808824.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000013.00000002.3267982836.000002514E689000.00000004.00000020.00020000.00000000.sdmp, FireDaemonUI.exe, 00000013.00000000.2441671152.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000013.00000002.3274630585.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe.0.dr String found in binary or memory: https://www.firedaemon.com/user-guides/firedaemon-pro-5
Source: FireDaemonCLI.exe, 0000000F.00000000.2314751372.00007FF7ED2A8000.00000002.00000001.01000000.0000000C.sdmp, FireDaemonCLI.exe, 0000000F.00000002.2376444407.00007FF7ED2A8000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: https://www.firedaemon.com/user-guides/firedaemon-pro-5FireDaemonFireDaemonCLI.exeFireDaemon.exehttp
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com/user-guides/firedaemon-pro-5HelpLink
Source: FireDaemonCLI.exe, 0000000F.00000002.2375643153.0000023BF8F1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com/user-guides/firedaemon-pro-5wQ
Source: FireDaemonCLI.exe, 0000000F.00000002.2377347366.00007FF8A7AFB000.00000002.00000001.01000000.0000000D.sdmp, FireDaemonUI.exe, 00000012.00000002.2450039135.00007FF8A7AFB000.00000002.00000001.01000000.0000000D.sdmp, FireDaemonUI.exe, 00000013.00000002.3277133863.00007FF8A7AFB000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.firedaemon.com/user-guides/firedaemon-pro-5yesCLISOFTWARE
Source: FireDaemonUI.exe, 00000013.00000002.3267982836.000002514E689000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com0.dllom
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2317497073.0000023BF8EDC000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2317497073.0000023BF8F1A000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2316696902.0000023BF8F04000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000002.2376203863.0000023BFAA15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com0/
Source: FireDaemonUI.exe, 00000013.00000002.3267283665.000002514CA75000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.com1.2.840.113549.1.9.4
Source: FireDaemonCLI.exe, 0000000F.00000002.2377347366.00007FF8A7AFB000.00000002.00000001.01000000.0000000D.sdmp, FireDaemonUI.exe, 00000012.00000002.2450039135.00007FF8A7AFB000.00000002.00000001.01000000.0000000D.sdmp, FireDaemonUI.exe, 00000013.00000002.3277133863.00007FF8A7AFB000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.firedaemon.comFor
Source: FireDaemonCLI.exe, 0000000F.00000002.2375643153.0000023BF8F1A000.00000004.00000020.00020000.00000000.sdmp, FireDaemonUI.exe, 00000013.00000002.3267982836.000002514E689000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.commsg.dll
Source: FireDaemonCLI.exe, 0000000F.00000002.2375643153.0000023BF8F1A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.firedaemon.commsg.dllB
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.26.10.34:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49793 version: TLS 1.2

System Summary

Source: Core-0ccfb35b.dll.0.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.0.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.0.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.0.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.0.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.0.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.2.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.2.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.2.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.2.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.2.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.2.dr Static PE information: section name:
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\5a2bcd.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2D53.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2DE1.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2E20.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2E50.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2F7A.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2FC9.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3009.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3029.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3E82.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{CB6F14E0-C0C6-43B7-9DA5-C373C9D27617}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3F7D.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4143.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{CB6F14E0-C0C6-43B7-9DA5-C373C9D27617}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{CB6F14E0-C0C6-43B7-9DA5-C373C9D27617}\FireDaemonInstallation.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4A8B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5087.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5134.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\5a2bcf.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\5a2bcf.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6CCC.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6D0B.tmp
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI2D53.tmp
Source: C:\Windows\System32\wevtutil.exe Process token adjusted: Security
Source: FireDaemonUI.exe.0.dr Static PE information: Resource name: None type: GLS_BINARY_LSB_FIRST
Source: FireDaemonUI.exe.2.dr Static PE information: Resource name: None type: GLS_BINARY_LSB_FIRST
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameXmlCfg.dllF vs FireDaemon-Pro-x64-5.4.10.exe
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewicustomactions.dll> vs FireDaemon-Pro-x64-5.4.10.exe
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameviewer.exeF vs FireDaemon-Pro-x64-5.4.10.exe
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelzmaextractor.dllF vs FireDaemon-Pro-x64-5.4.10.exe
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAICustAct.dllF vs FireDaemon-Pro-x64-5.4.10.exe
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePrereq.dllF vs FireDaemon-Pro-x64-5.4.10.exe
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMsiTempFiles.dllF vs FireDaemon-Pro-x64-5.4.10.exe
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameExternalUICleaner.dllF vs FireDaemon-Pro-x64-5.4.10.exe
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2038575791.0000000009C56000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewininet.dllD vs FireDaemon-Pro-x64-5.4.10.exe
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2210182830.000000000777A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewininet.dllD vs FireDaemon-Pro-x64-5.4.10.exe
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Core-0ccfb35b.dll.0.dr Static PE information: Section: ZLIB complexity 0.9892121787383178
Source: Core-0ccfb35b.dll.2.dr Static PE information: Section: ZLIB complexity 0.9892121787383178
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2103942618.00000000051C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Installing files.Sln1s,Z2
Source: classification engine Classification label: sus36.phis.evad.winEXE@42/438@25/11
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\FireDaemon Pro
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3748:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6384:120:WilError_03
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\MSIE2BE.tmp
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File read: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe
Source: unknown Process created: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe "C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 65BC5742A4D136F247A43F6F8A09CB61 C
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 911D350BE57E64866022B62F36BBA82C C
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Process created: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe "C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe" /i "C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617\FireDaemon-Pro-x64-5.4.10.msi" AI_EUIMSI=1 APPDIR="C:\Program Files\FireDaemon Pro" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FireDaemon Pro" PRODUCT_TEMPFOLDER="C:\Users\user\AppData\Local\Temp\FireDaemon Pro-5.4.10" SECONDSEQUENCE="1" CLIENTPROCESSID="3724" AI_MORE_CMD_LINE=1
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 4FDFDF47CA384F24D6EDC9B370A17B58
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding F00D2CFA17B3A1B813951E4AFEA3B618
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\Installer\MSI4A8B.tmp "C:\Windows\Installer\MSI4A8B.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow /dir "C:\Program Files\FireDaemon Pro\" wevtutil.exe im "C:\Users\user\AppData\Local\Temp\FireDaemon Pro-5.4.10\CoreETW.man" /rf:"C:\Program Files\FireDaemon Pro\Core.dll" /mf:"C:\Program Files\FireDaemon Pro\Core.dll"
Source: C:\Windows\Installer\MSI4A8B.tmp Process created: C:\Windows\System32\wevtutil.exe "C:\Windows\System32\wevtutil.exe" im "C:\Users\user\AppData\Local\Temp\FireDaemon Pro-5.4.10\CoreETW.man" /rf:"C:\Program Files\FireDaemon Pro\Core.dll" /mf:"C:\Program Files\FireDaemon Pro\Core.dll"
Source: C:\Windows\System32\wevtutil.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8A88BC285C82FC453C4ED127C82769C1 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 2C93263EC56A61C426AD4BBB3DBBF379 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe "C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe" control-all start-automatic
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe "C:\Program Files\FireDaemon Pro\FireDaemonUI.exe"
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Process created: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe "C:\Program Files\FireDaemon Pro\FireDaemonUI.exe"
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.firedaemon.com/download-firedaemon-pro
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2212,i,1586714833246951182,13030695916731165331,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2212,i,1586714833246951182,13030695916731165331,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: msi.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: davhlpr.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: dbghelp.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: cabinet.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: lpk.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: msihnd.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: explorerframe.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: tsappcmp.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: msisip.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: taskschd.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: linkinfo.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntshrui.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cscapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.ui.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windowmanagementapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: inputhost.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.ui.immersive.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptnet.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: msi.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: davhlpr.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: lpk.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: msihnd.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.ui.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windowmanagementapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: inputhost.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.ui.immersive.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sxs.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: amsi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vbscript.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: msi.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: windows.storage.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: wldp.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: kernel.appcore.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: uxtheme.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: propsys.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: profapi.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: edputil.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: urlmon.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: iertutil.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: srvcli.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: netutils.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: sspicli.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: wintypes.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: appresolver.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: bcp47langs.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: slc.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: userenv.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: sppc.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\Installer\MSI4A8B.tmp Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\wevtutil.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wevtutil.exe Section loaded: msxml6.dll
Source: C:\Windows\System32\wevtutil.exe Section loaded: wevtapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: userenv.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: wtsapi32.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: authz.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: userenv.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: ktmw32.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: wtsapi32.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: msasn1.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: cryptsp.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: rsaenh.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: cryptbase.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: gpapi.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: cryptnet.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: profapi.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: uxtheme.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: windows.storage.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: wldp.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: sspicli.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: msxml6.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: jscript.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: iertutil.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: amsi.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Section loaded: winsta.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: userenv.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: wtsapi32.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: msimg32.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: authz.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: ktmw32.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: uxtheme.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: oledlg.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: aclui.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: netapi32.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: dbghelp.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: pdh.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: version.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: oleacc.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: winmm.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: ntdsapi.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: xmllite.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: srvcli.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: netutils.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: dbgcore.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: msasn1.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: dwmapi.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: winsta.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: userenv.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: wtsapi32.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: msimg32.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: uxtheme.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: oledlg.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: aclui.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: authz.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: netapi32.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: dbghelp.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: pdh.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: version.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: oleacc.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: winmm.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: authz.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: ktmw32.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: ntdsapi.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: xmllite.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: srvcli.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: netutils.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: dbgcore.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: msasn1.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: dwmapi.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: winsta.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: cryptsp.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: rsaenh.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: cryptbase.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: gpapi.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: cryptnet.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: profapi.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: windows.storage.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: wldp.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: sspicli.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: msxml6.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: jscript.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: iertutil.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: amsi.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: coremessaging.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: dwrite.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: textinputframework.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: coreuicomponents.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: ntmarta.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: wintypes.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: wintypes.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: wintypes.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: textshaping.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: dcomp.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: dataexchange.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: d3d11.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: dxgi.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: twinapi.appcore.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: windows.ui.xaml.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: bcp47langs.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: winhttpcom.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: winhttp.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: webio.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: mswsock.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: iphlpapi.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: winnsi.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: dnsapi.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: rasadhlp.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: schannel.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: mskeyprotect.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: ntasn1.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: ncrypt.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: ncryptsslp.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: mlang.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: dpapi.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: explorerframe.dll
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: FireDaemon Pro.lnk.2.dr LNK file: ..\..\..\Program Files\FireDaemon Pro\FireDaemonUI.exe
Source: FireDaemon Pro.lnk0.2.dr LNK file: ..\..\..\..\..\..\Program Files\FireDaemon Pro\FireDaemonUI.exe
Source: Gmail.lnk.24.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.24.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.24.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Google Drive.lnk.24.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.24.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.24.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe File written: C:\Windows\win.ini
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Automated click: I agree to the License terms and conditions.
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Automated click: Next >
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Automated click: Install
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Window detected: Number of UI elements: 16
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Window detected: Number of UI elements: 21
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Common Files\FireDaemon Pro Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\Common Files\FireDaemon Pro\ServiceDefinitions Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\FireDaemon.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Core.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\VisualLayer.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\add-service-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\add-service.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\additional-menu-horizontal-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\additional-menu-horizontal.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\branding.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\delete-quick-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\delete-quick.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\delete-service-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\delete-service.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\done-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\done.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\edit-quick-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\edit-quick.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\erase-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\erase.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\hamburger-menu-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\hamburger-menu.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\logo.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\managed-services-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\managed-services-selected.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\managed-services.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\open-log-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\open-log.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\pause-grey-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\pause-grey.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\pause-quick-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\pause-quick.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\refresh-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\refresh.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\restart-all-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\restart-all.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\restart-blue-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\restart-blue.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\restart-quick-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\restart-quick.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\resume-grey-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\resume-grey.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\resume-quick-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\resume-quick.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\save-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\save-log-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\save-log.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\save.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\scheduling-quick-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\scheduling-quick.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\show-log-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\show-log.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\simple-arrow-down-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\simple-arrow-down.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\simple-arrow-left-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\simple-arrow-left.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\simple-arrow-up-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\simple-arrow-up.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\splash-screen.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\start-all-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\start-all.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\start-green-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\start-green.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\start-quick-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\start-quick.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\stop-all-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\stop-all.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\stop-quick-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\stop-quick.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\stop-red-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\stop-red.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\support-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\support.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\switch-session0-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\switch-session0.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\sysinfo-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\sysinfo-selected.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\sysinfo.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\winservices-hover.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\winservices-selected.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\Graphics\winservices.emf Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Skin\skin.xml Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\license.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\version.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\Core-0ccfb35b.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Directory created: C:\Program Files\FireDaemon Pro\regid.2000-01.com.firedaemon_29758F0E-2FC0-46EF-A3D7-0CECCDC6FB35.swidtag
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Directory created: C:\Program Files\FireDaemon Pro\Core-0ccfb35b.dll:{4498064F-515A180A-A7D546EE-2EB1D8EE}
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Directory created: C:\Program Files\FireDaemon Pro\Core-0ccfb35b.dll:{4498064F-515A180A-A7D546EE-2EB1D8EE}
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FireDaemon Pro 5.4.10 Jump to behavior
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: certificate valid
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: FireDaemon-Pro-x64-5.4.10.exe Static file information: File size 23028048 > 1048576
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x298c00
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\projects\firedaemon\product-suite\FDPro\build-target\x64\Release\FireDaemonCLI.pdb source: FireDaemonCLI.exe, 0000000F.00000000.2314751372.00007FF7ED2A8000.00000002.00000001.01000000.0000000C.sdmp, FireDaemonCLI.exe, 0000000F.00000002.2376444407.00007FF7ED2A8000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: wininet.pdb source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2038575791.0000000009C56000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2210182830.000000000777A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\tempFiles.pdb- source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\XmlCfg.pdb source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\ExternalUICleaner.pdb source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp, ExternalUICleaner.dll.0.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\ExternalUICleaner.pdb7 source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp, ExternalUICleaner.dll.0.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdb source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp, MSI4A8B.tmp, 00000009.00000000.2297198192.00007FF7B9AF2000.00000002.00000001.01000000.0000000B.sdmp, MSI4A8B.tmp, 00000009.00000002.2311397548.00007FF7B9AF2000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\projects\firedaemon\product-suite\FDPro\build-target\x64\Release\VisualLayer.pdb::8GCTL source: FireDaemonUI.exe, 00000013.00000002.3278082816.00007FF8B8CCD000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x64\viewer.pdbA source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp, MSI4A8B.tmp, 00000009.00000000.2297198192.00007FF7B9AF2000.00000002.00000001.01000000.0000000B.sdmp, MSI4A8B.tmp, 00000009.00000002.2311397548.00007FF7B9AF2000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\projects\firedaemon\product-suite\FDPro\build-target\x64\Release\wicustomactions.pdb source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\firedaemon\product-suite\FDPro\build-target\x64\Release\Core.pdb source: FireDaemonCLI.exe, 0000000F.00000002.2377347366.00007FF8A7AFB000.00000002.00000001.01000000.0000000D.sdmp, FireDaemonUI.exe, 00000012.00000002.2450039135.00007FF8A7AFB000.00000002.00000001.01000000.0000000D.sdmp, FireDaemonUI.exe, 00000013.00000002.3277133863.00007FF8A7AFB000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: wininet.pdbUGP source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2038575791.0000000009C56000.00000004.00000020.00020000.00000000.sdmp, FireDaemon-Pro-x64-5.4.10.exe, 00000006.00000003.2210182830.000000000777A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\firedaemon\product-suite\FDPro\build-target\x64\Release\VisualLayer.pdb source: FireDaemonUI.exe, 00000013.00000002.3278082816.00007FF8B8CCD000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\XmlCfg.pdbg source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\lzmaextractor.pdb source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\firedaemon\product-suite\FDPro\build-target\x64\Release\FireDaemonUI.pdb source: FireDaemonUI.exe, 00000012.00000000.2437318973.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000012.00000002.2445808824.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000013.00000000.2441671152.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000013.00000002.3274630585.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe.0.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: FireDaemon-Pro-x64-5.4.10.exe
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\tempFiles.pdb source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\firedaemon\product-suite\FDPro\build-target\x64\Release\wicustomactions.pdbmm`GCTL source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: shiE59D.tmp.0.dr Static PE information: 0xC7FEC470 [Wed Apr 29 05:06:56 2076 UTC]
Source: FireDaemon-Pro-x64-5.4.10.exe Static PE information: section name: .didat
Source: wicustomactions.dll.0.dr Static PE information: section name: _RDATA
Source: FireDaemon.exe.0.dr Static PE information: section name: _RDATA
Source: FireDaemon.exe.0.dr Static PE information: section name: .shared
Source: FireDaemonCLI.exe.0.dr Static PE information: section name: _RDATA
Source: FireDaemonUI.exe.0.dr Static PE information: section name: _RDATA
Source: Core-0ccfb35b.dll.0.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.0.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.0.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.0.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.0.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.0.dr Static PE information: section name:
Source: Core.dll.0.dr Static PE information: section name: _RDATA
Source: VisualLayer.dll.0.dr Static PE information: section name: _RDATA
Source: shiE59D.tmp.0.dr Static PE information: section name: .wpp_sf
Source: shiE59D.tmp.0.dr Static PE information: section name: .didat
Source: MSIE94F.tmp.0.dr Static PE information: section name: _RDATA
Source: MSIEA4B.tmp.0.dr Static PE information: section name: _RDATA
Source: MSI11DB.tmp.0.dr Static PE information: section name: _RDATA
Source: FireDaemonCLI.exe.2.dr Static PE information: section name: _RDATA
Source: Core-0ccfb35b.dll.2.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.2.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.2.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.2.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.2.dr Static PE information: section name:
Source: Core-0ccfb35b.dll.2.dr Static PE information: section name:
Source: FireDaemonUI.exe.2.dr Static PE information: section name: _RDATA
Source: FireDaemon.exe.2.dr Static PE information: section name: _RDATA
Source: FireDaemon.exe.2.dr Static PE information: section name: .shared
Source: Core.dll.2.dr Static PE information: section name: _RDATA
Source: VisualLayer.dll.2.dr Static PE information: section name: _RDATA
Source: MSI4A8B.tmp.2.dr Static PE information: section name: _RDATA
Source: MSI5134.tmp.2.dr Static PE information: section name: _RDATA
Source: MSI2E50.tmp.2.dr Static PE information: section name: _RDATA
Source: MSI3029.tmp.2.dr Static PE information: section name: .didat
Source: FireDaemon-Pro-x64-5.4.10.exe.6.dr Static PE information: section name: .didat
Source: shi28B0.tmp.6.dr Static PE information: section name: .wpp_sf
Source: shi28B0.tmp.6.dr Static PE information: section name: .didat
Source: Core-0ccfb35b.dll.0.dr Static PE information: section name: entropy: 7.9832819118162295
Source: Core-0ccfb35b.dll.2.dr Static PE information: section name: entropy: 7.9832819118162295

Persistence and Installation Behavior

Source: C:\Windows\System32\msiexec.exe Executable created and started: C:\Windows\Installer\MSI4A8B.tmp Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\MSI11DB.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617\VisualLayer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3009.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\FireDaemon Pro\VisualLayer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\FireDaemon Pro\FireDaemon.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\FireDaemon Pro\Core.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2E50.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\MSIE7E5.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6D0B.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2D53.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\shiE59D.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\MSIEA0C.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\shi28B0.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\FireDaemon Pro\Core-0ccfb35b.dll Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\MSI8085.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2DE1.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3724\lzmaextractor.dll Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\MSIE707.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\MSIE7C5.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617\FireDaemonUI.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617\Core-0ccfb35b.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5134.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3029.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617\FireDaemon.exe Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3724\ExternalUICleaner.dll Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\MSIE94F.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2F7A.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\MSIE6B8.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2E20.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4143.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2FC9.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617\Core.dll Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3724\tempFiles.dll Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\MSIEA4B.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5087.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4A8B.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\MSIE815.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\MSIE845.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3E82.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3724\wicustomactions.dll Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\MSIEAC9.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\ProgramData\Caphyon\Advanced Installer\{CB6F14E0-C0C6-43B7-9DA5-C373C9D27617}\FireDaemon-Pro-x64-5.4.10.exe Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\MSIE63A.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\MSIE766.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617\FireDaemonCLI.exe Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Local\Temp\MSIEB28.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6CCC.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File created: C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617\license.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\FireDaemon Pro\license.txt Jump to behavior
Source: C:\Windows\System32\msiexec.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\FireDaemon Pro Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FireDaemon Pro Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FireDaemon Pro\FireDaemon Pro.lnk Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FireDaemon Pro\Online Resources.url Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Hooking and other Techniques for Hiding and Protection

Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe File created: C:\Program Files\FireDaemon Pro\Core-0ccfb35b.dll:{4498064F-515A180A-A7D546EE-2EB1D8EE}
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\MSI4A8B.tmp Process information set: NOGPFAULTERRORBOX
Source: C:\Windows\Installer\MSI4A8B.tmp Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Installer\MSI4A8B.tmp Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Special instruction interceptor: First address: 23BFA8D215D instructions caused by: Self-modifying code
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Special instruction interceptor: First address: 2514E2121CD instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI11DB.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617\VisualLayer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI3009.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\FireDaemon Pro\VisualLayer.dll Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIE707.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\FireDaemon Pro\FireDaemon.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\FireDaemon Pro\Core.dll Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIE7C5.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617\Core-0ccfb35b.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI3029.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI5134.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617\FireDaemon.exe Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3724\ExternalUICleaner.dll Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIE94F.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2F7A.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIE6B8.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2E50.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2E20.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIE7E5.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI4143.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2FC9.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI6D0B.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2D53.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617\Core.dll Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shiE59D.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3724\tempFiles.dll Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIEA4B.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI5087.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIEA0C.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIE845.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIE815.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI3E82.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3724\wicustomactions.dll Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi28B0.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIEAC9.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\FireDaemon Pro\Core-0ccfb35b.dll Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIE63A.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI8085.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIE766.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2DE1.tmp Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3724\lzmaextractor.dll Jump to dropped file
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIEB28.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI6CCC.tmp Jump to dropped file
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe TID: 1888 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File Volume queried: C:\Users\user\AppData\Roaming FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File Volume queried: C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617 FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File Volume queried: C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617 FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: FireDaemon-Pro-x64-5.4.10.exe, 00000000.00000003.2028862611.0000000009A40000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: S-1-0Null AuthorityS-1-0-0NobodyS-1-1World AuthorityS-1-2Local AuthorityS-1-2-0LocalS-1-2-1Console LogonS-1-3Creator AuthorityS-1-3-0Creator OwnerS-1-3-1Creator GroupS-1-3-2Creator Owner ServerS-1-3-3Creator Group ServerS-1-5-80-0All ServicesS-1-4Non-unique AuthorityS-1-5NT AuthorityS-1-5-1DialupS-1-5-2NetworkS-1-5-3BatchS-1-5-4InteractiveS-1-5-6ServiceS-1-5-7AnonymousS-1-5-8ProxyS-1-5-9Enterprise Domain ControllersS-1-5-10Principal SelfS-1-5-11Authenticated UsersS-1-5-12Restricted CodeS-1-5-13Terminal Server UsersS-1-5-14Remote Interactive LogonS-1-5-15This OrganizationS-1-5-17Local SystemS-1-5-19S-1-5-20AdministratorsS-1-5-32-545UsersS-1-5-32-546GuestsS-1-5-32-547Power UsersS-1-5-32-548Account OperatorsS-1-5-32-549Server OperatorsS-1-5-32-550Print OperatorsS-1-5-32-551Backup OperatorsS-1-5-32-552ReplicatorsS-1-5-64-10NTLM AuthenticationS-1-5-64-14SChannel AuthenticationS-1-5-64-21Digest AuthenticationS-1-5-80NT ServiceS-1-5-83-0NT VIRTUAL MACHINE\Virtual MachinesS-1-16-0Untrusted Mandatory LevelS-1-16-4096Low Mandatory LevelS-1-16-8192Medium Mandatory LevelS-1-16-8448Medium Plus Mandatory LevelS-1-16-12288High Mandatory LevelS-1-16-16384System Mandatory LevelS-1-16-20480Protected Process Mandatory LevelS-1-16-28672Secure Process Mandatory LevelS-1-5-32-554BUILTIN\Pre-Windows 2000 Compatible AccessS-1-5-32-555BUILTIN\Remote Desktop UsersS-1-5-32-556BUILTIN\Network Configuration OperatorsS-1-5-32-557BUILTIN\Incoming Forest Trust BuildersS-1-5-32-558BUILTIN\Performance Monitor UsersS-1-5-32-559BUILTIN\Performance Log UsersS-1-5-32-560BUILTIN\Windows Authorization Access GroupS-1-5-32-561BUILTIN\Terminal Server License ServersS-1-5-32-562BUILTIN\Distributed COM UsersS-1-5-32-569BUILTIN\Cryptographic OperatorsS-1-5-32-573BUILTIN\Event Log ReadersS-1-5-32-574BUILTIN\Certificate Service DCOM AccessS-1-5-32-575BUILTIN\RDS 
Remote Access ServersS-1-5-32-576BUILTIN\RDS Endpoint ServersS-1-5-32-577BUILTIN\RDS Management ServersS-1-5-32-578BUILTIN\Hyper-V AdministratorsS-1-5-32-579BUILTIN\Access Control Assistance Operators
Source: FireDaemonCLI.exe, 0000000F.00000003.2322944021.0000023BF8F73000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2369619900.0000023BF8F75000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2370715967.0000023BF8F7E000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2369802428.0000023BF8F7D000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000002.2375949332.0000023BF8F85000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2370871973.0000023BF8F84000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -pAthotyLocalSystemHyper-V Data Exchange ServicerJ
Source: FireDaemonCLI.exe, 0000000F.00000003.2369865934.0000023BF8F43000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2370848698.0000023BF8F4C000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2369707156.0000023BF8F32000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2369742925.0000023BF8F3F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -pVmGidNT AUTHORITY\LocalServiceHyper-V Time Synchronization Service
Source: FireDaemonCLI.exe, 0000000F.00000003.2322944021.0000023BF8F73000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2369619900.0000023BF8F75000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2370715967.0000023BF8F7E000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2369802428.0000023BF8F7D000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000002.2375949332.0000023BF8F85000.00000004.00000020.00020000.00000000.sdmp, FireDaemonCLI.exe, 0000000F.00000003.2370871973.0000023BF8F84000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: cSLocalSystemHyper-V PowerShell Direct Service
Source: FireDaemonUI.exe, 00000012.00000000.2437318973.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000012.00000002.2445808824.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000013.00000000.2441671152.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe, 00000013.00000002.3274630585.00007FF79E3F2000.00000002.00000001.01000000.0000000F.sdmp, FireDaemonUI.exe.0.dr Binary or memory string: %.2f%s%llu%sCannot determine NUMA nodeSOFTWARE\Microsoft\Windows NT\CurrentVersionCouldn't determine number of CPU socketsCouldn't determine processor group topologyReleaseId, 64-bitUBRDisplayVersionWindows Server 2022 Windows(R) 7 , 32-bitWindows 11 Windows(R) Server 2012 Windows(R) 8.1 Windows(R) Server 2008 R2 Windows(R) 8 Windows(R) Server 2016 Technical Preview BusinessWindows(R) Server 2012 R2 Windows(R) 10 Technical Preview Hyper Core VHPC Edition without Hyper-VBusiness NHPC EditionDatacenter without Hyper-V (full installation)Datacenter without Hyper-V (core installation)Datacenter (full installation)Datacenter (core installation)Enterprise EEnterprise (full installation)EnterpriseEnterprise NEnterprise for Itanium-based SystemsEnterprise without Hyper-V (full installation)Enterprise (core installation)Enterprise without Hyper-V (core installation) - Essential Server Solution Management SVC - Essential Server Solution Additional SVC - Essential Server Solution Management - Essential Server Solution AdditionalHome Basic EHome PremiumHome BasicHome Basic N - Home Server 2011 - Storage Server EssentialsHome Premium NHome Premium E - Essential Business Messaging Server - Essential Business Security Server - Microsoft Hyper-V Server - Essential Business Management ServerPro NProfessional NProProfessional - Small Business Server 2011 Essentialsfor SB SolutionsPro EProfessional Efor Windows Essential Server Solutionswithout Hyper-V for Windows Essential Server Solutionsfor SB Solutions 
EMServer for SB Solutions EM - Small Business Server Premium - Small Business Server Premium (core installation)Foundation - Small Business ServerSolutions PremiumSolutions Premium (core installation) - MultiPoint ServerStandard (core installation)StarterStarter NStandard without Hyper-V (core installation)Standard without Hyper-V - Storage Server Enterprise (core installation) - Storage Server ExpressStarter E - Storage Server Enterprise - Storage Server Standard (core installation) - Storage Server Workgroup - Storage Server Express (core installation) - Storage Server StandardUltimate NUltimate E - Storage Server Workgroup (core installation)UltimateEnterprise Evaluation - MultiPoint Server Standard (full installation) - Web Server (full installation) - Web Server (core installation)Server Datacenter (evaluation installation)Enterprise N EvaluationMultiPoint Server Premium (full installation)Standard (evaluation installation)Professional with Media CenterHome - Storage Server Workgroup (evaluation installation) - Storage Server Standard (evaluation installation)Home Chinafor ChinaHome NNMobileMobile EnterpriseHome Single LanguageSingle LanguageIoT CoreIoT Core CommercialEducationEducation NEnterprise 2015 LTSB EvaluationEnterprise 2015 LTSB N EvaluationEnterprise 2015 LTSBEnterprise 2015 LTSB NUnknown productUnlicensedEmbeddedMultiPoint Server (core installation)%u.%u.%u %sBuild %u%s.%u%s %s Build %u.%uUnsupported Windows versionHARDWARE\DESCRIPTION\System\Cen
Source: FireDaemonUI.exe, 00000013.00000003.2484696778.000002514E6D1000.00000004.00000020.00020000.00000000.sdmp, FireDaemonUI.exe, 00000013.00000002.3267982836.000002514E6C9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWw32
Source: FireDaemonUI.exe, 00000013.00000002.3272762055.000002514F57C000.00000004.00000020.00020000.00000000.sdmp, FireDaemonUI.exe, 00000013.00000003.2484829589.000002514F57C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: FireDaemonUI.exe, 00000013.00000003.2814696705.000002514C86C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}r
Source: wevtutil.exe, 0000000A.00000002.2310407420.000001D01CD7D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Microsoft-Windows-Hyper-V-Guest-Drivers-Storage-Filter
Source: FireDaemonUI.exe, 00000013.00000002.3267597273.000002514E1F0000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: \\.\VBoxGuest
Source: FireDaemonUI.exe, 00000013.00000002.3268649568.000002514E706000.00000004.00000020.00020000.00000000.sdmp, FireDaemonUI.exe, 00000013.00000003.2815108479.000002514E703000.00000004.00000020.00020000.00000000.sdmp, FireDaemonUI.exe, 00000013.00000003.2484586838.000002514E73B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Thread information set: HideFromDebugger
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Thread information set: HideFromDebugger
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Open window title or class name: ollydbg
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Process queried: DebugPort
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Process queried: DebugObjectHandle
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe Process queried: DebugFlags
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Process queried: DebugPort
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Process queried: DebugObjectHandle
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Process queried: DebugFlags

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe NtQueryInformationProcess: Indirect: 0x7FF8B7E8C230
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe NtQuerySystemInformation: Indirect: 0x7FF8B807C4B0
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe NtSetInformationThread: Indirect: 0x7FF8B7E8C5C8
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe NtQueryInformationProcess: Indirect: 0x7FF8B807C2BE
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe NtQueryInformationProcess: Indirect: 0x7FF8B7E8C2BE
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe NtQueryInformationProcess: Indirect: 0x7FF8B7E8C355
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe NtQueryInformationProcess: Indirect: 0x7FF8B807C230
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe NtQueryInformationProcess: Indirect: 0x7FF8B807C355
Source: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe NtSetInformationThread: Indirect: 0x7FF8B807C5C8
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe NtQuerySystemInformation: Indirect: 0x7FF8B7E8C4B0
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Process created: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe "C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe" /i "C:\Users\user\AppData\Roaming\FireDaemon Technologies Limited\FireDaemon Pro 5.4.10\install\9D27617\FireDaemon-Pro-x64-5.4.10.msi" AI_EUIMSI=1 APPDIR="C:\Program Files\FireDaemon Pro" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FireDaemon Pro" PRODUCT_TEMPFOLDER="C:\Users\user\AppData\Local\Temp\FireDaemon Pro-5.4.10" SECONDSEQUENCE="1" CLIENTPROCESSID="3724" AI_MORE_CMD_LINE=1
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\Installer\MSI4A8B.tmp "C:\Windows\Installer\MSI4A8B.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow /dir "C:\Program Files\FireDaemon Pro\" wevtutil.exe im "C:\Users\user\AppData\Local\Temp\FireDaemon Pro-5.4.10\CoreETW.man" /rf:"C:\Program Files\FireDaemon Pro\Core.dll" /mf:"C:\Program Files\FireDaemon Pro\Core.dll"
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe "C:\Program Files\FireDaemon Pro\FireDaemonUI.exe"
Source: C:\Windows\Installer\MSI4A8B.tmp Process created: C:\Windows\System32\wevtutil.exe "C:\Windows\System32\wevtutil.exe" im "C:\Users\user\AppData\Local\Temp\FireDaemon Pro-5.4.10\CoreETW.man" /rf:"C:\Program Files\FireDaemon Pro\Core.dll" /mf:"C:\Program Files\FireDaemon Pro\Core.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe "C:\Program Files\FireDaemon Pro\FireDaemonCLI.exe" control-all start-automatic
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Process created: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe "C:\Program Files\FireDaemon Pro\FireDaemonUI.exe"
Source: C:\Program Files\FireDaemon Pro\FireDaemonUI.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.firedaemon.com/download-firedaemon-pro
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Process created: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe "c:\users\user\desktop\firedaemon-pro-x64-5.4.10.exe" /i "c:\users\user\appdata\roaming\firedaemon technologies limited\firedaemon pro 5.4.10\install\9d27617\firedaemon-pro-x64-5.4.10.msi" ai_euimsi=1 appdir="c:\program files\firedaemon pro" shortcutdir="c:\programdata\microsoft\windows\start menu\programs\firedaemon pro" product_tempfolder="c:\users\user\appdata\local\temp\firedaemon pro-5.4.10" secondsequence="1" clientprocessid="3724" ai_more_cmd_line=1
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\Installer\MSI4A8B.tmp "c:\windows\installer\msi4a8b.tmp" /enforcedrunasadmin /runasadmin /hidewindow /dir "c:\program files\firedaemon pro\" wevtutil.exe im "c:\users\user\appdata\local\temp\firedaemon pro-5.4.10\coreetw.man" /rf:"c:\program files\firedaemon pro\core.dll" /mf:"c:\program files\firedaemon pro\core.dll"
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3724\welcome.bmp VolumeInformation
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Queries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_3724\banner.bmp VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Windows\System32\wevtutil.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\FireDaemon Technologies Limited-FireDaemon Pro-Service/Operational Enabled
Source: C:\Users\user\Desktop\FireDaemon-Pro-x64-5.4.10.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob